On Thursday, June 19, 2003, at 01:54 PM, Keith Moore wrote:

Keith, I don't get this argument. A NAPT is a firewall by your own
definition "I believe the primary purpose of firewalls should be to
protect the network, not the hosts, from abusive or unauthorized
usage."

only if the policy that the user wants is exactly what the NAPT
provides. it's unrealistic to assume that most NAPT users do not want
to run any apps that accept externally-originated traffic, ever. it's
also unrealistic to assume that most threats to the networks are from
outside the network, or that any kind of perimeter security will
protect a network of significant size from attack.

Yes, I agree that NAPTs have tons of side effects, and that's a bad
thing. But, for the average home user on DSL, they have purchased
millions upon millions of these things. It's a tiny little network and
they have full control over all the hosts. So for them, the NAPT
firewalling function is very useful. (and the network vs. hosts
distinction doesn't make sense, does it?)

simon