I don't need no stinking firewall!
Ryan Brooks
ryan at hack.net
Wed Jan 6 05:14:05 UTC 2010
On 1/5/10 3:24 PM, Robert Brockway wrote:
> On Tue, 5 Jan 2010, Dobbins, Roland wrote:
>
> The problem is that your premise is wrong. Stateful firewalls
> (hereafter just called firewalls) offer several advantages. This list
> is not necessarily exhaustive.
>
Great advantages list, but where's the disadvantages list?
Here's mine:
1..n) Stateful firewalls go down. It's the very nature of what they
do. If you haven't had this problem, then your application is small.
Everyone needs to listen to Roland's mantra: "stateless ACLs in hardware
than can handle Mpps". It's more than just a hint.
More information about the NANOG
mailing list