High throughput bgp links using gentoo + stipped kernel
philfagan at gmail.com
Mon May 20 23:08:18 UTC 2013
Just curious and perhaps off topic a tad but; is the stateful filtering of
sessions on a router to replace a firewall? Or is there another reason to
do it? I could see a benefit of creating blacklists, however,
I'm struggling with what other benefits it would provide...service
aware load-balancing? I'm very interested to learn what other strategies
and or design considerations would be made with thinking of using filtering
on a router.
I'm perfectly willing to accept consolidation of services :-)
On Mon, May 20, 2013 at 3:45 PM, Matt Palmer <mpalmer at hezmatt.org> wrote:
> On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:
> > On 5/19/13 4:27 PM, Ben wrote:
> > > Do you actually need stateful filtering? A lot of people seem to think
> > > that it's important, when really they're accomplishing little from it,
> > > you can block ports etc without it.
> > I believe PCI compliance requires it, other things like it probably do
> There'd be very few PCI compliant sites if PCI required stateful
> in core routers.
> - Matt
More information about the NANOG