On Thursday, June 19, 2003, at 03:27 PM, Melinda Shore wrote:
Keith, I don't get this argument. A NAPT is a firewall by your own
definition "I believe the primary purpose of firewalls should be to
protect the network, not the hosts, from abusive or unauthorized
usage." It's implementing a very simple policy, protect me from the
outside world.
NAT has problematically constrained policy capabilities.
Does that mean that a NAT is a workable firewall but introduces
undesirable side effects? Is it (or could it be) possible to make an
equally workable firewall, at a low price, that doesn't introduce to
constrained policy capabilities?
simon