> >I'd argue that, in theory, it also doesn't help you any less. I'm more or
> >less happy to use just NAT for low threat sites. I usually configure
> >filtering rules as well, but they're only there to keep me in the habit.
>
> Does NAT block an inbound packet going to 10.1.2.3 (assuming this is
> a private address)? Unless you have an implicit filtering rule, it won't.
> I guess that you have a default filtering rule that blocks inbound
> packets that are not part of a NAT session. In which case, the packet
> is blocked by the filter part of the implementation, not by the NAT part.
>
Ah, you mean anti-spoofing protection, in effect. That should be put in
place, yes. Good point, mouss.
Cheers,
Tobias
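
Added example, not part of the original thread: a small Python model of the distinction discussed above, where a packet addressed directly to an inside address matches no NAT session and is stopped only when a filter rule exists. The `Gateway` class, the addresses and the ports are constructed for illustration, and the model assumes the gateway forwards between its interfaces.

```python
import ipaddress
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"                  # constructed external address of the gateway
LAN = ipaddress.ip_network("10.1.2.0/24")  # constructed private network behind it


@dataclass
class Gateway:
    filter_enabled: bool
    # NAT session table: public port -> (private ip, private port)
    sessions: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, public_port):
        """An inside host opens a connection; NAT records the mapping."""
        self.sessions[public_port] = (src_ip, src_port)

    def inbound(self, dst_ip, dst_port):
        """Return (verdict, reason) for a packet arriving on the external interface."""
        # NAT part: it only rewrites packets that match an existing session.
        if dst_ip == PUBLIC_IP and dst_port in self.sessions:
            return ("forward", "nat: translated to %s:%d" % self.sessions[dst_port])
        # Filter part: block inbound packets that are not part of a NAT session.
        if self.filter_enabled:
            return ("drop", "filter: not part of a NAT session")
        # No filter: NAT leaves the packet untouched and routing decides.
        if ipaddress.ip_address(dst_ip) in LAN:
            return ("forward", "routed: untranslated to %s" % dst_ip)
        if dst_ip == PUBLIC_IP:
            return ("local", "addressed to the gateway itself")
        return ("drop", "routing: no inside destination")


def compare(dst_ip="10.1.2.3", dst_port=22):
    """Verdicts for the same inbound packet with NAT only and with NAT plus filter."""
    return {
        "nat_only": Gateway(filter_enabled=False).inbound(dst_ip, dst_port),
        "nat_and_filter": Gateway(filter_enabled=True).inbound(dst_ip, dst_port),
    }


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(name, verdict)
```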