Re: Let's talk about yum and p2p in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Once upon a time, Joe Zeff <joe@xxxxxxx> said:
> Before somebody steps in again to point out that NAT isn't a firewall, 
> I'd like to give my perspective on it.  If your router uses NAT and only 
> forwards those ports you've told it to (and then, each port only goes to 
> one machine) port scanners can't find your machines because nothing 
> responds to their attempts to connect.  And, of course, even if you have 
> malware trying to act as some sort of server it won't do any good unless 
> your machine initiates the connection.  No, this isn't a firewall, but 
> it's better than having your box sitting on the net completely exposed. 
>   Consider NAT as one layer of protection in a properly designed and 
> implemented defense in depth.

NAT is a combination of a stateful firewall and a packet mangler (that
changes the IP+port fields).  A stateful firewall without a packet
mangler (i.e. no NAT) is just as secure.
-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux