On Thursday, June 19, 2003, at 03:27 PM, Melinda Shore wrote:
Keith, I don't get this argument. A NAPT is a firewall by your own definition "I believe the primary purpose of firewalls should be to protect the network, not the hosts, from abusive or unauthorized usage." It's implementing a very simple policy, protect me from the outside world.
NAT has problematically constrained policy capabilities.
Does that mean that a NAT is a workable firewall but introduces undesirable side effects? Is it (or could it be) possible to make an equally workable firewall, at a low price, that doesn't introduce to constrained policy capabilities?
simon
