
Comment by mystraline

8 hours ago

Repeating the same wrong points doesn't make you right.

Every NAT based product will have a firewall built in also by default. And it'll be deny-all except for conn-tracked.

And that L2 attack is a martian packet. Why are you allowing reserved IPs to talk on public network interfaces (hello, spoofing and obvious at that)? These are always blocked due to the reasons you describe.

https://en.wikipedia.org/wiki/Martian_packet

> Every NAT based product will have a firewall built in also by default.

Well that's the point of the article isn't it? That the firewall is the important part, not the NAT.
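
The two filtering rules discussed in this thread (drop martians on the public interface, then deny everything that is not connection-tracked) can be modelled as a WAN ingress decision. This is an added example, not code from the article or from either commenter; the class and function names, the reserved-range list (a subset) and the sample addresses (documentation ranges standing in for public IPs) are assumptions.

```python
import ipaddress

# Constructed subset of reserved ranges that should never be seen as a
# source or destination on a public-facing interface (assumption: the WAN
# address itself is a public IP, not CGNAT or RFC 1918).
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

def is_martian(ip):
    """True if the address falls inside one of the reserved ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RESERVED)

class WanIngress:
    """Hypothetical model of a router's inbound policy on its WAN side."""

    def __init__(self):
        # Flows opened from the inside, stored as the tuple the reply will carry:
        # (proto, remote_ip, remote_port, wan_ip, wan_port)
        self.conntrack = set()

    def track_outbound(self, proto, wan_ip, wan_port, remote_ip, remote_port):
        """Record an outbound flow after translation to the WAN address."""
        self.conntrack.add((proto, remote_ip, remote_port, wan_ip, wan_port))

    def decide(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Verdict for one packet arriving on the WAN interface."""
        # Rule 1: reserved addresses have no business on the public side.
        if is_martian(src_ip) or is_martian(dst_ip):
            return "drop:martian"
        # Rule 2: only replies to tracked outbound flows are accepted.
        if (proto, src_ip, src_port, dst_ip, dst_port) in self.conntrack:
            return "accept:established"
        # Rule 3: everything else is denied, whether or not NAT is in use.
        return "drop:default-deny"

if __name__ == "__main__":
    fw = WanIngress()
    fw.track_outbound("tcp", "203.0.113.10", 40000, "198.51.100.7", 443)
    samples = [  # constructed packets: (proto, src, sport, dst, dport)
        ("tcp", "198.51.100.7", 443, "203.0.113.10", 40000),
        ("tcp", "198.51.100.7", 443, "203.0.113.10", 40001),
        ("udp", "198.51.100.7", 53, "192.168.1.20", 53),
    ]
    for pkt in samples:
        print(pkt, "->", fw.decide(*pkt))
```

None of the three rules consults an address translation table, so the verdicts are the same with NAT switched off.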