[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I don't need no stinking firewall!

Subject: I don't need no stinking firewall!
From: ryan at hack.net (Ryan Brooks)
Date: Tue, 05 Jan 2010 23:14:05 -0600
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

On 1/5/10 3:24 PM, Robert Brockway wrote:
> On Tue, 5 Jan 2010, Dobbins, Roland wrote:
>
> The problem is that your premise is wrong.  Stateful firewalls 
> (hereafter just called firewalls) offer several advantages.  This list 
> is not necessarily exhaustive.
>
Great advantages list, but where's the disadvantages list?

Here's mine:

1..n) Stateful firewalls go down.  It's the very nature of what they 
do.  If you haven't had this problem, then your application is small.

Everyone needs to listen to Roland's mantra: "stateless ACLs in hardware 
than can handle Mpps".  It's more than just a hint.

Follow-Ups:
- I don't need no stinking firewall!
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)

References:
- I don't need no stinking firewall!
  - From: bjohnson at drtel.com (Brian Johnson)
- I don't need no stinking firewall!
  - From: rdobbins at arbor.net (Dobbins, Roland)
- I don't need no stinking firewall!
  - From: robert at timetraveller.org (Robert Brockway)

Prev by Date: I don't need no stinking firewall!
Next by Date: I don't need no stinking firewall!
Previous by thread: I don't need no stinking firewall!
Next by thread: I don't need no stinking firewall!
Index(es):
- Date
- Thread