Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 10 Apr 2003 08:39:23 -0700
From:      Michael Sierchio <>
To:        "Earl A. Killian" <>
Subject:   Re: nat vs. state
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Earl A. Killian wrote:
> Is it safe to assume packets diverted to NAT are "safe" and don't need
> further checking?  In particular, can the use of dynamic/stateful
> rules be skipped for NAT packets?  It seems so, because NAT is already
> stateful.

Safe?  Define "safe." ;-)

For *dynamic* nat, probably so.  For static nat (port/addr redirect)
you'll probably want to have robust rules after diverting to natd.

Want to link to this message? Use this URL: <>