Subj : Re: Connect...??
To   : Tony Langdon
From : Markus Reschke
Date : Sun Jan 15 2017 17:32:30

Hello Tony!

Jan 14 15:42 2017, Tony Langdon wrote to Michiel van der Vlist:

 MvV>> A real firewall is something different. If so configured, it also
 MvV>> blocks unsollicited incoming packets. But it can do more that that. 

That would be a stateful firewall. The most common setup is to allow everything from LAN to the WAN, and only allow related packets from WAN to LAN.

 MvV>> It can also detect certain kind of attacks, port scans, flooding etc.

And that's an IDS. But an IDS could be integrated in a firewall product. Commonly they are labeled "UTM".

 MvV>>  Plus that a firewall can also act on outgoing traffic. OTOH, a 
 MvV>> firewall can not do translation. It is not a NAT.

A firewall is a special kind of router. So NAT is an optional feature of a firewall.

 TL> Again, agree.  Packet filtering is only one function that a firewall 
 TL> can perform, as you point out.  Either way, it's not NAT.  NAT has a 
 TL> different purpose - rewriting IP addresses to achieve some networking 
 TL> goal (most commonly share a single public IP among multiple hosts).

Sometimes it's the side effect you're interested in :)

ciao,
Markus

--- 
 * Origin: *** theca tabellaria *** (2:240/1661)

.