Once upon a time, Joe Zeff <joe@xxxxxxx> said:
> Before somebody steps in again to point out that NAT isn't a firewall,
> I'd like to give my perspective on it. If your router uses NAT and only
> forwards those ports you've told it to (and then, each port only goes to
> one machine) port scanners can't find your machines because nothing
> responds to their attempts to connect. And, of course, even if you have
> malware trying to act as some sort of server it won't do any good unless
> your machine initiates the connection. No, this isn't a firewall, but
> it's better than having your box sitting on the net completely exposed.
> Consider NAT as one layer of protection in a properly designed and
> implemented defense in depth.

NAT is a combination of a stateful firewall and a packet mangler (that
changes the IP+port fields). A stateful firewall without a packet
mangler (i.e. no NAT) is just as secure.

--
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
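The split described in the reply above, written out as an nftables ruleset. This is an added example, not part of the original thread. The interface names (wan0, lan0), the prefixes and the forwarded port 443 are assumptions chosen for illustration.

```nftables
# Constructed example. Assumptions: wan0 = upstream interface,
# lan0 = internal interface, 192.0.2.0/24 = routed LAN prefix (no NAT case),
# 192.168.1.0/24 = private LAN prefix (NAT case).

# Part 1: the stateful firewall. This table makes every accept/drop
# decision, with or without NAT.
table inet filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that LAN hosts initiated.
        ct state established,related accept
        ct state invalid drop

        # New connections may only originate from the LAN side, so an
        # unsolicited inbound connection attempt gets no response.
        iifname "lan0" oifname "wan0" ct state new accept

        # "Forward one port to one machine" without NAT:
        iifname "wan0" ip daddr 192.0.2.10 tcp dport 443 ct state new accept
        # With the NAT table below loaded, use this rule instead, since the
        # forward hook sees the already-translated destination:
        # iifname "wan0" ct status dnat accept
    }
}

# Part 2: the packet mangler. It only rewrites address and port fields;
# both chains have policy accept and contain no drop rule.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" ip saddr 192.168.1.0/24 masquerade
    }
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "wan0" tcp dport 443 dnat to 192.168.1.10:443
    }
}
```

Loading only the `inet filter` table gives a routed LAN the same inbound behaviour as the NAT setup: the connection-tracking rules in `forward` are what block new inbound connections, and the `ip nat` table contributes only address translation.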