[171222] in North American Network Operators' Group
Re: Requirements for IPv6 Firewalls
daemon@ATHENA.MIT.EDU (Doug Barton)
Tue Apr 22 16:28:47 2014
Date: Tue, 22 Apr 2014 13:28:34 -0700
From: Doug Barton <dougb@dougbarton.us>
To: Matthew Huff <mhuff@ox.com>, Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <da78c6c4b3d74b30ac76630266ce0260@pur-vm-exch13n2.ox.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 04/22/2014 01:15 PM, Matthew Huff wrote:
> I wouldn't manage a corporate network without a centrally managed firewall (stateful; or not).
Matthew,
No one is saying that. What Roland is saying, and the position that I
agree with, is that putting a firewall in front of a system _that is
intended to be ON the Internet, serving external users_, is a bad idea.
I think it's a given that you'd want to protect your internal systems
with a firewall (except for the aforementioned IPv6 illuminati, of whom
I am not one).
Doug
