“But is NAT, alone, really sufficient? A true firewall does
stateful packet inspection. A lot of cracking exploits rely on the
fact that unexpected outbound traffic is never filtered, hence
the need to correlate what goes outbound with what came
inbound….”

“I’ve always been a big fan of network appliances. The first one
I fell in love with was the Cayman Gatorbox, which was nominally an
Ethernet/AppleTalk router, but could also make UNIX NFS servers
look like AppleShare servers. When it arrived at Byte.com, we just
plugged it in, enjoyed the services that it provided, and that was
that.”

“When it comes to firewalls, convenience isn’t the only virtue
of an appliance-like solution. When I read O’Reilly’s classic
“Building Internet Firewalls” by D. Brent Chapman and Elizabeth
Zwicky, I was depressed for about a week. Why?…”