[120949] in North American Network Operators' Group
RE: I don't need no stinking firewall!
daemon@ATHENA.MIT.EDU (Brian Johnson)
Wed Jan 6 17:19:09 2010
Date: Wed, 6 Jan 2010 16:18:27 -0600
In-Reply-To: <24355.1262814367@localhost>
From: "Brian Johnson" <bjohnson@drtel.com>
To: <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
> Sent: Wednesday, January 06, 2010 3:46 PM
> To: nanog@nanog.org
> Subject: Re: I don't need no stinking firewall!
>=20
> On Tue, 05 Jan 2010 23:14:05 CST, Ryan Brooks said:
>=20
> > Everyone needs to listen to Roland's mantra: "stateless ACLs in
> hardware
> > than can handle Mpps". It's more than just a hint.
>=20
> I suspect that more than a few need to be reminded that "stateless
ACLs
> in
> switch hardware" is just another name for "switch that also does
> stateless
> firewall".
I don't think so: "stateless ACLs in switch hardware" !=3D " switch that
also does stateless firewall"
IMHO... "stateless ACLs in [switch|router] hardware" =3D ACLs applied to
interfaces that filter packets based on source or destination IP
addresses and ports, or protocols. Correct me if I'm wrong Roland.
- Brian
CONFIDENTIALITY NOTICE: This email message, including any attachments, =
is for the sole use of the
intended recipient(s) and may contain confidential and privileged =
information. Any unauthorized review,
copying, use, disclosure, or distribution is prohibited. If you are not =
the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the =
original message. Thank you.
