[LINK] www.ipv6.org.au/summit
Karl Auer
kauer at biplane.com.au
Sun Aug 31 13:34:46 AEST 2008
On Sun, 2008-08-31 at 10:37 +0800, Adrian Chadd wrote:
> > filtering. "Allow established back, block everything else". NAT is not
> > needed.
>
> Stateless packet filtering won't work in every instance.
No, of course not, But it's pretty much all you get from NAT, as a side
effect of how it works. I'm not sure if you're agreeing with me here,
making an additional point, or something else. You're not saying, are
you, that the average NAT device has anything approaching reasonable
stateful packet filtering?
> Sorry, the 90's called, they want their sensible protocol designers
> back.
Indeed. NAT pretty much killed sensible application protocol design,
because it (of necessity) took away end-to-end transparency.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
Public key at : random.sks.keyserver.penguin.de
More information about the Link
mailing list