On 16/1/19 16:26, Tom Herbert wrote:
> Ron,
>
> A stateless firewall that maintains state is no longer a stateless
> firewall. Introducing state requires memory and additional logic that
> are at odds with the goal of cheap low end devices..
>
> A stateless firewall could just drop the first
FWIW...
On 1/16/2019 11:26 AM, Tom Herbert wrote:
> ...A stateless firewall could just drop the first fragment that
> contains the transport layer header and allow non first fragments to
> past. This achieves the filtering goal to prevent delivery of the
> reassmbled packet.
That works only if
> Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom
> Herbert)
>
> On Wed, Jan 16, 2019 at 11:40 AM Ron Bonica wrote:
> >
> > Inline…..
> >
> >
> >
> > From: Tom Herbert
> > Sent: Wednesday, January 16, 2019 2:27 PM
&
On Wed, Jan 16, 2019 at 11:40 AM Ron Bonica wrote:
>
> Inline…..
>
>
>
> From: Tom Herbert
> Sent: Wednesday, January 16, 2019 2:27 PM
> To: Ron Bonica
> Cc: int-area
> Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom
> Herbert)
>
>
Inline…..
From: Tom Herbert
Sent: Wednesday, January 16, 2019 2:27 PM
To: Ron Bonica
Cc: int-area
Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom Herbert)
On Tue, Jan 15, 2019, 6:17 PM Ron Bonica
mailto:rbon...@juniper.net> wrote:
Tom,
Please take a look at Sect
On Tue, Jan 15, 2019, 6:17 PM Ron Bonica Tom,
>
> Please take a look at Section 4.3 (Stateless Firewalls). How can the
> stateless firewall behave optimally without maintaining state?
>
Ron,
A stateless firewall that maintains state is no longer a stateless
firewall. Introducing state requires