[163130] in North American Network Operators' Group
Re: High throughput bgp links using gentoo + stripped kernel
daemon@ATHENA.MIT.EDU (joel jaeggli)
Mon May 20 19:47:30 2013
Date: Mon, 20 May 2013 16:47:12 -0700
From: joel jaeggli <joelja@bogus.com>
To: nanog@nanog.org
In-Reply-To: <20130520214558.GE26847@hezmatt.org>
On 5/20/13 2:45 PM, Matt Palmer wrote:
> On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:
>> On 5/19/13 4:27 PM, Ben wrote:
>>> Do you actually need stateful filtering? A lot of people seem to think
>>> that it's important, when really they're accomplishing little from it,
>>> you can block ports etc without it.
>> I believe PCI compliance requires it, other things like it probably do too.
> There'd be very few PCI compliant sites if PCI required stateful firewalling
> in core routers.
Putting your border router in scope for your PCI environment is IMHO an
engineering/documentation mistake.
> - Matt