Security gain from NAT

brett watson brett at
Tue Jun 5 05:23:14 UTC 2007

On Jun 4, 2007, at 9:51 PM, Donald Stahl wrote:

> A SI firewall ruleset equivalent to PAT is a single rule on a  
> CheckPoint firewall (as an example):
> Src: Internal - Dst: Any - Action: Allow
> Done.

Done indeed! Botnet operators *love* this policy. This type of policy  
is probably worse than any issue discussed in this thread so far.
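
An added example, not part of the original message or thread: a first-match rule evaluator comparing the quoted single-rule policy with a restricted egress policy. The address ranges, the restricted ruleset, the mail relay host and the sample flows are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("10.0.0.0/8")      # assumed internal range
MAIL_RELAY = ip_network("10.0.0.25/32")  # hypothetical outbound mail relay

# Rule format: (source net, destination net, destination port or None for any, action)
# The quoted policy: Src: Internal - Dst: Any - Action: Allow
PAT_EQUIVALENT = [(INTERNAL, ANY, None, "allow")]

# Constructed alternative: only named services may leave, everything else is dropped.
RESTRICTED = [
    (INTERNAL, ANY, 80, "allow"),
    (INTERNAL, ANY, 443, "allow"),
    (MAIL_RELAY, ANY, 25, "allow"),
]

# Constructed outbound flows: (label, source, destination, destination port)
FLOWS = [
    ("web browsing", "10.1.2.3", "198.51.100.10", 443),
    ("workstation sending SMTP directly", "10.1.2.3", "203.0.113.5", 25),
    ("workstation IRC connection", "10.1.2.3", "203.0.113.9", 6667),
    ("mail relay sending SMTP", "10.0.0.25", "203.0.113.5", 25),
]

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for src_net, dst_net, rule_port, action in rules:
        if (ip_address(src) in src_net and ip_address(dst) in dst_net
                and rule_port in (None, port)):
            return action
    return "deny"

def wide_open(rules):
    """Audit check: allow rules with any destination and any port."""
    return [r for r in rules if r[1] == ANY and r[2] is None and r[3] == "allow"]

def compare():
    """Map each flow label to (verdict under quoted policy, verdict under restricted)."""
    return {label: (decide(PAT_EQUIVALENT, s, d, p), decide(RESTRICTED, s, d, p))
            for label, s, d, p in FLOWS}

if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:36} quoted={verdicts[0]:5} restricted={verdicts[1]}")
    print("wide-open rules in quoted policy:", len(wide_open(PAT_EQUIVALENT)))
```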

