[163127] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: High throughput bgp links using gentoo + stipped kernel

daemon@ATHENA.MIT.EDU (Matt Palmer)
Mon May 20 18:38:11 2013

Date: Tue, 21 May 2013 07:45:58 +1000
From: Matt Palmer <mpalmer@hezmatt.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <5199635F.1050606@rollernet.us>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:
> On 5/19/13 4:27 PM, Ben wrote:
> > Do you actually need stateful filtering?  A lot of people seem to think
> > that it's important, when really they're accomplishing little from it,
> > you can block ports etc without it.
> 
> I believe PCI compliance requires it, other things like it probably do too.

There'd be very few PCI compliant sites if PCI required stateful firewalling
in core routers.

- Matt


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[163127] in North American Network Operators' Group

Re: High throughput bgp links using gentoo + stipped kernel

daemon@ATHENA.MIT.EDU (Matt Palmer)Mon May 20 18:38:11 2013

daemon@ATHENA.MIT.EDU (Matt Palmer)
Mon May 20 18:38:11 2013