Let's talk about yum and p2p in Fedora
Chris Adams
cmadams at hiwaay.net
Mon Dec 27 17:44:03 UTC 2010
Once upon a time, Joe Zeff <joe at zeff.us> said:
> Before somebody steps in again to point out that NAT isn't a firewall,
> I'd like to give my perspective on it. If your router uses NAT and only
> forwards those ports you've told it to (and then, each port only goes to
> one machine) port scanners can't find your machines because nothing
> responds to their attempts to connect. And, of course, even if you have
> malware trying to act as some sort of server it won't do any good unless
> your machine initiates the connection. No, this isn't a firewall, but
> it's better than having your box sitting on the net completely exposed.
> Consider NAT as one layer of protection in a properly designed and
> implemented defense in depth.
NAT is a combination of a stateful firewall and a packet mangler (that
changes the IP+port fields). A stateful firewall without a packet
mangler (i.e. no NAT) is just as secure.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the users
mailing list