I don't need no stinking firewall!

Joe Maimon jmaimon at ttec.com
Thu Jan 14 17:13:07 UTC 2010

Dobbins, Roland wrote:
> On Jan 10, 2010, at 1:22 PM, harbor235 wrote:
>> Again, a firewall has it's place just like any other device in the network, defense in>>>  depth is a prudent philosophy to reduce the chances of compromise, it does not>>>eliminate it nor does any architecture you can think of, period
> What a ridiculous statement - of course it does.
> *The place of the stateful firewall is in front of clients, not servers*.

Servers can also be clients who can benefit from state tracking.

The best answer I have to that scenario is to make the client path 
different than the server path.


More information about the NANOG mailing list