On 7/2/07 11:14 AM, "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
There is no other device that can provide me with a lightweight firewall for
Of course there is - the same device that's providing the NAT.
NAT by itself is intrinsically policy-free, although it implements
policy as a side-effect. I'm unclear on why you think that a
default-deny policy is better implemented on a NAT than on a
Ietf mailing list