I don't need no stinking firewall!

Ryan Brooks ryan at hack.net
Tue Jan 5 23:14:05 CST 2010


On 1/5/10 3:24 PM, Robert Brockway wrote:
> On Tue, 5 Jan 2010, Dobbins, Roland wrote:
>
> The problem is that your premise is wrong.  Stateful firewalls 
> (hereafter just called firewalls) offer several advantages.  This list 
> is not necessarily exhaustive.
>
Great advantages list, but where's the disadvantages list?

Here's mine:

1..n) Stateful firewalls go down.  It's the very nature of what they 
do.  If you haven't had this problem, then your application is small.

Everyone needs to listen to Roland's mantra: "stateless ACLs in hardware 
that can handle Mpps".  It's more than just a hint.





