I don't need no stinking firewall!

Brian Johnson bjohnson at drtel.com
Wed Jan 6 22:18:27 UTC 2010

> -----Original Message-----
> From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu]
> Sent: Wednesday, January 06, 2010 3:46 PM
> To: nanog at nanog.org
> Subject: Re: I don't need no stinking firewall!
> On Tue, 05 Jan 2010 23:14:05 CST, Ryan Brooks said:
> > Everyone needs to listen to Roland's mantra: "stateless ACLs in
> hardware
> > than can handle Mpps".  It's more than just a hint.
> I suspect that more than a few need to be reminded that "stateless
> in
> switch hardware" is just another name for "switch that also does
> stateless
> firewall".

I don't think so: "stateless ACLs in switch hardware" != " switch that
also does stateless firewall"

IMHO... "stateless ACLs in [switch|router] hardware" = ACLs applied to
interfaces that filter packets based on source or destination IP
addresses and ports, or protocols. Correct me if I'm wrong Roland.

 - Brian

 CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged information. Any unauthorized review,
copying, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original message. Thank you.

More information about the NANOG mailing list