On Thu, 2011-03-31 at 03:59 -0400, Phil Pennock wrote:
> On 2011-03-30 at 14:34 -0500, Matt Lawrence wrote:
> > On Wed, 30 Mar 2011, Dan Foster wrote:
> > > To summarize Derek's position: IPv4 NAT fails safe, IPv6 -- not so much.
> > It's also a defense in depth, the NAT and the firewall on IPV6 each
> > provide security.
> No. The firewall is what drops the source-routed packets which come in
> over the Internet to the firewall with a final destination in RFC1918
> address-space.
>
> The security on these boxes is *entirely* the firewall, not the NAT.

+1 +1 +1

Just keep saying it, eventually it will sink in.

As for protection from misconfiguration / firewall-flaws - if you are that concerned you install more than one firewall. On virtualized platforms this is common and easy; and with IPv6 you have enough address space to layer your DMZs a mile deep.