Hi Paul,

[re: stateless filtering]

] I find it slightly useful for UDP, but overall think the added complexity
] doesn't bring much in the way of protection if you carefully design your
] architecture.

I agree fully. Performance gains aside, the security gained from stateful filtering is not always that much. Current convention would have you think so, but there is a lot to be said for ACLs ;). On the other hand, I find it much easier to configure stateful rules on a firewall especially when things like NAT are involved. Having a device that has a construct of established connections usually makes it easier to configure and manage directional flows.

] The performance information that this thread has started IS interesting,
] and it's started me wondering about the whole "filter on a router vs.
] firewall" thing again.

Indeed!

-- steve
_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 12:01:45 PDT