nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Arguing against using public IP space

From: Owen DeLong <owen () delong com>
Date: Tue, 15 Nov 2011 09:08:07 -0800

On Nov 15, 2011, at 7:54 AM, Joe Greco wrote:


If you put a router where you needed a firewall, then, this is not a =
failure of the firewall, but, a
failure of the network implementor and the address space will not have =
any impact whatsoever
on your lack of security.


And the difference between a router and a firewall is ...?

Apparently, one bit.


IMHO, a firewall does not route packets by default, but, rather only forwards
those packets which match configured policies.

A router, OTOH, routes packets by default, but, may be configured with some
policy about which packets to forward.

The difference functionally is what happens when the configuration is
lost or corrupted. Essentially fail open vs. fail closed.

Owen
Previous By Date Next
Previous By Thread Next

Current thread: