[171141] in North American Network Operators' Group
Re: Requirements for IPv6 Firewalls
daemon@ATHENA.MIT.EDU (Jeff Kell)
Fri Apr 18 22:05:13 2014
Date: Fri, 18 Apr 2014 22:04:35 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: "Dobbins, Roland" <rdobbins@arbor.net>, "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <6C9B51B5-8C16-467F-8F83-464549359F94@arbor.net>
On 4/18/2014 9:53 PM, Dobbins, Roland wrote:
> On Apr 19, 2014, at 1:20 AM, William Herrin <bill@herrin.us> wrote:
>
>> There isn't much a firewall can do to break it.
> As someone who sees firewalls break the Internet all the time for those whose packets have the misfortune to traverse one, I must respectfully disagree.
If end-to-end connectivity is your idea of "the Internet", then a
firewall's primary purpose is to break the Internet. It's how we
provide access control.
If a firewall blocks "legitimate, authorized" access then perhaps it
adds to breakage (PMTU, ICMP, other blocking) but otherwise it works.
To address the other argument in this thread on NAT / private
addressing, PCI requirement 1.3.8 pretty much requires RFC1918
addressing of the computers in scope... has anyone hinted at PCI for IPv6?
Jeff
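An added illustration of the PMTU/ICMP breakage point above (not part of the thread or anyone's posted code): a small Python checker that models a first-match ICMPv6 rule list and reports which of the error types RFC 4890 says a transit firewall must not drop would be filtered. The rule model and both policies are constructed for the example.

```python
# Added example: check an IPv6 firewall's ICMPv6 policy against the
# RFC 4890 (section 4.3.1) list of messages a transit firewall must not drop.
# A policy that drops these "adds to breakage", most visibly Path MTU Discovery.
from dataclasses import dataclass
from typing import Optional

# ICMPv6 types that must pass through (type numbers and names per RFC 4443).
REQUIRED_ICMPV6 = {
    1: "Destination Unreachable",
    2: "Packet Too Big",        # dropping this silently breaks PMTUD
    3: "Time Exceeded",
    4: "Parameter Problem",
}


@dataclass
class Rule:
    """One entry in a simplified, ordered ICMPv6 filter (assumed model)."""
    action: str                        # "accept" or "drop"
    icmpv6_type: Optional[int] = None  # None matches any ICMPv6 type


def evaluate(rules, icmp_type, default="drop"):
    """First-match evaluation, like an iptables/nftables chain with a policy."""
    for r in rules:
        if r.icmpv6_type is None or r.icmpv6_type == icmp_type:
            return r.action
    return default


def pmtud_breakage(rules, default="drop"):
    """Return {type: name} for every required ICMPv6 type this policy drops."""
    return {t: n for t, n in REQUIRED_ICMPV6.items()
            if evaluate(rules, t, default) != "accept"}


# Constructed "block all ICMPv6" policy, the kind the thread complains about.
BROKEN_POLICY = [Rule("drop")]

# Constructed corrected policy: pass the error messages first, then drop the rest.
FIXED_POLICY = [Rule("accept", t) for t in REQUIRED_ICMPV6] + [Rule("drop")]

if __name__ == "__main__":
    for name, policy in (("broken", BROKEN_POLICY), ("fixed", FIXED_POLICY)):
        missing = pmtud_breakage(policy)
        print(f"{name}: drops {sorted(missing.values()) or 'nothing required'}")
```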