Joe Greco wrote, on 2009-12-11 08:36:
Everyone knows a NAT gateway isn't really a firewall, except more or less accidentally. There's no good way to provide a hardware firewall in an average residential environment that is not a disaster waiting to happen.
If you make it "smart" (i.e. UPnP) then it will of course autoconfigure itself for an appropriate virus.
However, your average home user often doesn't change their $FOOGEAR password from the default of 1234, and it is reasonable to assume that at some point, viruses will ship with some minimal knowledge of how to "manually" fix their networking environment. Or better yet? Runs a password cracker until it figures it out, since the admin interfaces on these things are rarely hardened.
If you actually /do/ a really good firewall, then of course users find it "hard to use" and your company takes a support hit, maybe gets a bad reputation, etc.
There's no winning.
Agreed. We have thus come to the conclusion that there shouldn't be a NAT-like firewall in IPv6 home routers.

Thanks,
Simon
--
DNS64 open-source --> http://ecdysis.viagenie.ca
STUN/TURN server --> http://numb.viagenie.ca
vCard 4.0 --> http://www.vcarddav.org