Andrew McGlashan a écrit : > > Well .... NAT does have it's advantages, one being that it can act as a > reasonably good barrier as a NATural firewall.
This is a common misconception. I cannot tell about other NAT's, but Netfilter NAT is not a barrier at all. > but if you have every device with IPv6 (or v4 for that matter) being > addressable from any location, NAT does not prevent this. Private (for IPv4) or unique local (for IPv6) addressing prevents it. > then personal firewalls will become much more important. > > An unpatched machine [for whatever reason], behind NAT has a fighting > chance, but one which is directly addressable from the Internet is much > more vulnerable to attack. This is not correct. A stateful packet filter replacing the NAT at the border will just do the job. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d650856.6010...@plouf.fr.eu.org