20 May
2013
20 May
'13
7:47 p.m.
On 5/20/13 2:45 PM, Matt Palmer wrote: > On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote: >> On 5/19/13 4:27 PM, Ben wrote: >>> Do you actually need stateful filtering? A lot of people seem to think >>> that it's important, when really they're accomplishing little from it, >>> you can block ports etc without it. >> I believe PCI compliance requires it, other things like it probably do too. > There'd be very few PCI compliant sites if PCI required stateful firewalling > in core routers. Putting your border router in scope for your pci environment is imho an engineering/documentation mistake. > - Matt > >