
Comment by kingstnap

5 hours ago

If the end effect of security is dropping packets, NAT and firewalls both in effect drop packets.

It's kind of just silly pedantry to say NATs aren't security because, sure, you can't do things like block specific ranges of IPs spamming you (or make outbound rules to control local devices), but 99% of people don't need that.

I understand IPv4 networks pretty well. And I would say that any device doing NAT is acting as a basic firewall. Do “true” firewalls do more? Sure. But saying NAT doesn’t provide security is flat-out wrong.

  • If your router had only NAT and someone (i.e. your ISP) sends it a packet addressed to somewhere inside your internal IP range, it will happily forward it. A firewall would block it.

    • Okay, I'm running tcpdump on my desktop. Send me some packets to 192.168.1.127 and I'll watch out for them.

    • Find me a consumer IPv4 router sold in the last ~10 years that does that by default.

      Security comparisons should be between proposed new tech vs. existing tech, not vs. hypothetical straw-man tech.
