I don't need no stinking firewall!
ryan at hack.net
Tue Jan 5 23:14:05 CST 2010
On 1/5/10 3:24 PM, Robert Brockway wrote:
> On Tue, 5 Jan 2010, Dobbins, Roland wrote:
> The problem is that your premise is wrong. Stateful firewalls
> (hereafter just called firewalls) offer several advantages. This list
> is not necessarily exhaustive.
Great advantages list, but where's the disadvantages list?
1..n) Stateful firewalls go down. It's the very nature of what they
do. If you haven't had this problem, then your application is small.
Everyone needs to listen to Roland's mantra: "stateless ACLs in hardware
than can handle Mpps". It's more than just a hint.
More information about the NANOG