I don't need no stinking firewall!

George Bonser gbonser at seven.com
Mon Jan 11 01:40:01 UTC 2010



> I certainly understand and agree with your position, in most cases,
but
> there are some instances when a firewall serves an excellent purpose.
> As an
> example, we manage hundreds of heterogeneous servers where customers
> also
> have administrative access to the devices.  As such, we can never be
> sure
> they haven't changed something that can negatively impact the security
> of
> the server or servers.

Firewalls do have a purpose and I don't think anyone disputes that.  I
certainly have firewalls in my network.  What I believe the argument
here is about is which kinds of traffic does one use a firewall for and
which kinds of traffic are best left to other devices to handle access
control/management.

And I don't believe anyone is necessarily advocating exposing individual
servers directly to the internet either.  There are other devices that
can handle isolation of the servers and protect them against such things
as syn floods.





More information about the NANOG mailing list