From: | James <wireless@×××××××××××.com> |
---|---|
To: | gentoo-user@l.g.o |
Subject: | [gentoo-user] Re: IPTables - Going Stateless |
Date: | Wed, 22 May 2013 02:16:54 |
Message-Id: | loom.20130522T040220-683@post.gmane.org |
1 | Adam Carter <adamcarter3 <at> gmail.com> writes: |
2 | |
3 | |
4 | > Anyone advocating stateless firewalls in 2013 deserves scrutiny. I would |
5 | > be asking for some evidence there is a performance issue, and that the |
6 | > best solution to the problem is to turn off stateful inspection. |
7 | |
8 | |
9 | There are lots of tools and approaches to security. Here is something |
10 | you might want to investigate further: Stateless Firewall Filters: |
11 | great for fending off DDOS and such....... |
12 | |
13 | Instead of the maginot wall (firewall router) several different |
14 | security devices can be layered in a serial path to perfrom |
15 | various and diffent security functions. |
16 | |
17 | Here is a starting point by a fairly reputable routing vendor: |
18 | |
19 | http://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/firewall-filter-overview.html |
20 | |
21 | http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-interfaces-and-routing/topic-47671.html |
22 | |
23 | http://www.juniper.net/techpubs/en_US/junos/topics/concept/firewall-filter-types.html |
24 | |
25 | |
26 | James |