I don't need no stinking firewall!

Tim Durack tdurack at gmail.com
Wed Jan 13 09:24:41 CST 2010


Lots of interesting technical information in this thread. Mixed with a
healthy dose of religion/politics :-)

I suspect that most people are going to keep doing what they are doing.

In our environment, at the transport level, we have moved from
stateful towards stateless, as it has proved to be operationally
simpler and more resilient. At the same time some of our application
people have seen the need to put their servers behind stateful "Layer
7" firewalls (I say why stop at Layer 7?)

Here is a thought experiment:

Replace all the routers on the Internet with stateful firewalls. What happens?

Replace all the stateful firewalls on the Internet with stateless
packet filters. What is the result?

-- 
Tim:>
Sent from Brooklyn, NY, United States




More information about the NANOG mailing list