Just curious, and perhaps off topic a tad, but is the stateful filtering of sessions on a router to replace a firewall? Or is there another reason to do it? I could see a benefit of creating blacklists; however, I'm struggling with what other benefits it would provide... service-aware load-balancing? I'm very interested to learn what other strategies and/or design considerations would be made when thinking of using filtering on a router.
I'm perfectly willing to accept consolidation of services :-)

On Mon, May 20, 2013 at 3:45 PM, Matt Palmer <[email protected]> wrote:

> On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:
> > On 5/19/13 4:27 PM, Ben wrote:
> > > Do you actually need stateful filtering? A lot of people seem to think
> > > that it's important, when really they're accomplishing little from it,
> > > you can block ports etc without it.
> >
> > I believe PCI compliance requires it, other things like it probably do too.
>
> There'd be very few PCI compliant sites if PCI required stateful firewalling
> in core routers.
>
> - Matt

--
Phil Fagan
Denver, CO
970-480-7618

