ipfire is mentioned in the press article about NAT slipstreaming by heise online (penultimate paragraph)
Thanks @tofficap !
Concerning Heise’s blatant content:
Nun sind die Cyberkriminellen in der Lage, …
Dabei umgehen sie die herkömmliche Sicherheitsarchitektur, wie Firewalls und NAT-Tabellen …
To put it straight:
SIP ALG is a mechanism to bypass the very basics of any firewall:
- the user’s firewall configuration decides who is to enter or kept outside
Instead, strangers are invited to overrule these limitations “to the user’s comfort”:
- open additional ports according to “the user’s needs”
That’s what I call “broken by design” → “broken by purpose”.
Why invest into a firewall in the first place?
So nobody should blame those ‘evil cyberkriminals’ to exploit this ridiculous invitation
to overrule these limitations to their liking → to their comfort.