On Wed, 2010-09-08 at 21:53 -0400, James Knott wrote:
Per Jessen wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have
to be said to sink in? It doesn't matter, it still does pretty well as such. It doesn't do anything that a properly configured firewall can't do. Start by blocking everything and then allow only what you want.
+1 With IPv6 you just block-all-incoming connections. Done. That is actually quite a bit *simpler* than NAT + firewall on IPv4. NAT is actually quite complicated and requires the "firewall" to maintain a large amount of connection state information. Non-NAT is much less resource intensive. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org