Date: Tue, 29 Jul 2014 09:31:56 +0200
From: Willem Jan Withagen <wjw@digiware.nl>
To: Kevin Oberman <rkoberman@gmail.com>, Darren Reed <darrenr@freebsd.org>
Cc: FreeBSD Current <freebsd-current@freebsd.org>
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID: <53D74DEC.3020104@digiware.nl>
In-Reply-To: <CAN6yY1uHJn4xA-5zFr4fZez3FyXi7tT0LmhyR8yWkqG7k1A%2B=A@mail.gmail.com>
References: <201407261843.s6QIhcx4008597@slippy.cwsent.com> <53D61AC6.5030305@freebsd.org> <CAN6yY1uHJn4xA-5zFr4fZez3FyXi7tT0LmhyR8yWkqG7k1A%2B=A@mail.gmail.com>

On 2014-07-29 0:07, Kevin Oberman wrote:
> And all IPv6 NAT is evil and should be cast into (demonic residence of your
> choosing) on sight!
>
> NAT on IPv6 serves no useful purpose at all. It only serves to complicate
> things and make clueless security officers happy. It adds zero security. It
> is a great example of people who assume that NAT is a security feature in
> IPv4 (it's not) so it should also be in IPv6.

......

> So putting support for NAT66 or any IPv6 NAT into a firewall is just
> making things worse. Please don't do it!

Well said....

I'm actually rather relieved that natd can/should go away.
Stops giving me migraines with all those special protocol cases that
don't like to be natted..
Which of course started as early as FTP.

--WjW