On 5/20/13 2:45 PM, Matt Palmer wrote:
On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:
On 5/19/13 4:27 PM, Ben wrote:
Do you actually need stateful filtering? A lot of people seem to think
that it's important, when really they're accomplishing little from it,
you can block ports etc without it.
I believe PCI compliance requires it, other things like it probably do too.
There'd be very few PCI compliant sites if PCI required stateful firewalling
in core routers.
Putting your border router in scope for your pci environment is imho an
engineering/documentation mistake.
- Matt
