Thus wrote Keith Moore ([email protected]):

> it's the idea that you need to NAT all or most of your hosts for security 
> reasons that is fatally flawed.

No, I don't need to NAT for security reasons, I need to restrict the
network exchanges that may happen with un-hardened hosts for security
reasons. The result is that NAT+firewall rules does not give any less
connectivity than the firewall rules alone. Adding NAT on top of the
security measures that need to be there anyway does not lessen the
amount of connectivity these squishy hosts get, but it -may- improve it.

regards,
        spz
-- 
[email protected] (S.P.Zeidler)
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
