[CentOS] IPV4 is nearly depleted, are you ready for IPV6?
Ross Walker
rswwalker at gmail.com
Mon Dec 6 14:53:08 UTC 2010
On Dec 6, 2010, at 8:37 AM, Adam Tauno Williams <awilliam at whitemice.org> wrote:
> NO NO NO NO NO NO NO and NO! (*@!^&*@$ &@*^*&$@ &*@^*&@ How many
> times does this have to be explained??? NAT *IS* *NOT* a @*(&^*(^@(*@
> security tool. It isn't. Stop saying it is. You use *firewalls* for
> security. Just block ingress traffic and you are just as well off as
> you are on NAT - and odds are in your NAT configure you are doing that
> already. All you do is eliminate the hacks, performance penalty, and
> interoperability problems created by NAT. NAT is a *problem*, not a
> solution for anything other than a deficient network protocol.
There is no arguing that NAT is not a security tool, but if your firewall drops it's pants it's better to have non-routable addresses behind it.
-Ross
More information about the CentOS
mailing list