
I think you're conflating firewalls and NAT. The idea of "internal" and "external" networks still applies in a non-NAT environment, but what takes some getting used to is that with full end-to-end connectivity, you're back to an implicit "default-allow" policy where NAT created an implicit "default deny". The answer is to have a default-deny firewall rule on your border router (your home gateway appliance), and then allow services as needed.
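
An added example, not part of the comment above: one way to express a default-deny border policy with per-service allows, assuming a Linux gateway running nftables. The interface names, the server address (taken from the 2001:db8::/32 documentation prefix) and the HTTPS service are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Constructed example: default-deny forwarding on a border router without NAT.
# WAN/LAN interface names and WEB_HOST are assumptions; adjust to the site.
define WAN = "eth0"
define LAN = "eth1"
define WEB_HOST = 2001:db8:1::10

table inet border {
    chain forward {
        # Anything not matched below is dropped. This restores the
        # "default deny" that NAT used to provide as a side effect.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that inside hosts started, plus related ICMP errors.
        ct state established,related accept
        ct state invalid drop

        # Inside hosts may open connections outward.
        iifname $LAN oifname $WAN accept

        # ICMPv6 errors must cross the border or path MTU discovery breaks.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # "Allow services as needed": one explicit rule per published service.
        iifname $WAN oifname $LAN ip6 daddr $WEB_HOST tcp dport 443 accept

        # Count what the policy drops so unexpected inbound traffic is visible.
        counter comment "default deny"
    }
}
```

Every inside address is globally routable here, so the only thing standing between an unsolicited inbound packet and a host is the `policy drop` line and the absence of a matching allow rule.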


Everything he said applies to a typical legacy corporate network that has a centralised default-deny firewall in front of it (but no NAT).

Host-based firewalls are much more flexible and have many security advantages.



