Re: Firewalling for the new millennium, was: Problem of blocking ICMP packets
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Firewalling for the new millennium, was: Problem of blocking ICMP packets
On Saturday, May 8, 2004, at 11:31 AM, Iljitsch van Beijnum wrote:
Yes, this is good stuff. But I don't think distributed firewalling on
its own is the full answer.
I think it's pretty clear at this point that there is no full
answer, or that if there is it's multi-component and situation-
dependent. I think that it's pretty clear that we need to make
sure that we're allowing network administrators better control
of their own networks, and distributed firewalling can anchor that
(how security policy is passed around). Unfortunately I think there
will continue to be a need for firewalls at network borders, at
least towards the edge. NAT doesn't properly belong in this discussion
but since it's here anyway it should be regarded as part of the
network border packet filtering whatever and probably ought to be
included in participation in enforcing security policy.
Melinda
_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions
of the senders and do not imply endorsement by the IETF.
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
