Date: Wed, 02 Jul 2003 14:38:15 -0700 From: Michael Sierchio <kudzu@tenebras.com> To: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org Subject: Re: Performance improvement for NAT in IPFIREWALL Message-ID: <3F0350C7.7010009@tenebras.com> In-Reply-To: <3F0331EE.6020707@mac.com> References: <3F0316DE.3040301@tenebras.com> <20030702183838.GB4179@pit.databus.com> <3F0327FE.3030609@tenebras.com> <3F0331EE.6020707@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Chuck Swiger wrote: > Many people are wrong, then. NAT is not a security feature. We simply disagree. > [ NAT sucks. In a very useful way, of course. Exogenous requirements > may impose unreasonable constraints upon implementing the technically > preferrable solution, just as "inept excess verbiage may disqualify > qualifiers". And "But soft, what light through yonder window breaks?" > and other tasty bits from the "Applesoft Reference Manual".... ] Yep, NAT sucks. Exogenous requirements are often generated by marketing fools who think we need to match a technically trivial and meaningless feature in someone else's product. However, twenty some odd years of software engineering has taught me to pick my fights ;-) Back to the original topic -- divert functionality for ng_ksocket? Useful for much more than nat.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F0350C7.7010009>