Archives
Archives
| From: | James <wireless@×××××××××××.com> |
|---|---|
| To: | gentoo-user@l.g.o |
| Subject: | [gentoo-user] Re: IPTables - Going Stateless |
| Date: | Wed, 22 May 2013 02:16:54 |
| Message-Id: | loom.20130522T040220-683@post.gmane.org |
| 1 | Adam Carter <adamcarter3 <at> gmail.com> writes: |
| 2 | |
| 3 | |
| 4 | > Anyone advocating stateless firewalls in 2013 deserves scrutiny. I would |
| 5 | > be asking for some evidence there is a performance issue, and that the |
| 6 | > best solution to the problem is to turn off stateful inspection. |
| 7 | |
| 8 | |
| 9 | There are lots of tools and approaches to security. Here is something |
| 10 | you might want to investigate further: Stateless Firewall Filters: |
| 11 | great for fending off DDOS and such....... |
| 12 | |
| 13 | Instead of the maginot wall (firewall router) several different |
| 14 | security devices can be layered in a serial path to perfrom |
| 15 | various and diffent security functions. |
| 16 | |
| 17 | Here is a starting point by a fairly reputable routing vendor: |
| 18 | |
| 19 | http://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/firewall-filter-overview.html |
| 20 | |
| 21 | http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-interfaces-and-routing/topic-47671.html |
| 22 | |
| 23 | http://www.juniper.net/techpubs/en_US/junos/topics/concept/firewall-filter-types.html |
| 24 | |
| 25 | |
| 26 | James |