| ▲ | mystraline 2 hours ago | |
Repeating the same wrong points doesnt make you right. Every NAT based product will have a firewall built in also by default. And it'll be deny-all except for conn-tracked. And that L2 attack is a martian packet. Why are you allowing reserved IPs talk on public network interfaces (hello, spoofing and obvious at that)? These are always blocked due to the reasons you describe. | ||
| ▲ | Dylan16807 an hour ago | parent [-] | |
> Every NAT based product will have a firewall built in also by default. Well that's the point of the article isn't it? That the firewall is the important part, not the NAT. | ||