[Cialug] Slightly OT - IPv6 sillyness

Zachary Kotlarek zach at kotlarek.com
Wed Jul 9 18:38:07 CDT 2014


On Jul 9, 2014, at 2:42 PM, L. V. Lammert <lvl at omnitec.net> wrote:

> That's why it is the *first* layer of security, ..

It’s not *any* kind of security without a firewall.

NAT without a firewall simply mangles the source/destination address of packets before forwarding them. There’s nothing inherent about NAT that keeps outside hosts from accessing IPs and ports inside your network — at best that’s a matter of configuration, and in most systems any configuration-related security is actually enforced by a connection-tracking firewall without the involvement of the NAT engine. That’s certainly the case in kernel NAT in Linux, where the firewall first makes decisions about which packets to forward and then applies the same NAT process to all packets without further enforcement checks.

	Zach

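The split between translation and enforcement described in the message above, as an added nftables example that is not part of the original post. The interface names `wan0` and `lan0` and the table names are assumptions chosen for illustration.

```nftables
# Added illustration; wan0 (outside) and lan0 (inside) are assumed names.

# NAT only: this table rewrites source addresses on the way out.
# It contains no filtering rule. If this is the only table loaded,
# nothing is attached to the forward hook, so every packet the
# routing table can deliver is forwarded, including packets that
# arrive on wan0 already addressed to an inside host.
table ip gw_nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade
    }
}

# Enforcement: a separate connection-tracking filter on the forward
# hook. This table, not the NAT table, is what keeps unsolicited
# outside traffic away from inside addresses.
table ip gw_filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that inside hosts opened.
        ct state established,related accept

        # New connections are allowed from inside to outside only.
        iifname "lan0" oifname "wan0" ct state new accept

        # Everything else, including new connections arriving on
        # wan0, falls through to the drop policy.
    }
}
```

Running `nft list ruleset` on a gateway shows whether a chain with `hook forward` and a restrictive policy is actually loaded alongside the NAT chain.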