Re: selecting old machines for firewall/router use
Andrew McGlashan a écrit :
>
> Well .... NAT does have it's advantages, one being that it can act as a
> reasonably good barrier as a NATural firewall.
This is a common misconception. I cannot tell about other NAT's, but
Netfilter NAT is not a barrier at all.
> but if you have every device with IPv6 (or v4 for that matter) being
> addressable from any location,
NAT does not prevent this. Private (for IPv4) or unique local (for IPv6)
addressing prevents it.
> then personal firewalls will become much more important.
>
> An unpatched machine [for whatever reason], behind NAT has a fighting
> chance, but one which is directly addressable from the Internet is much
> more vulnerable to attack.
This is not correct. A stateful packet filter replacing the NAT at the
border will just do the job.
Reply to: