From owner-freebsd-net@FreeBSD.ORG  Mon Apr 15 10:32:47 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 149E3EE1;
 Mon, 15 Apr 2013 10:32:47 +0000 (UTC) (envelope-from lev@FreeBSD.org)
Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru
 [46.4.40.135]) by mx1.freebsd.org (Postfix) with ESMTP id CB88120A;
 Mon, 15 Apr 2013 10:32:46 +0000 (UTC)
Received: from lion.home.serebryakov.spb.ru (unknown
 [IPv6:2001:470:923f:1:d051:3b46:4a53:4fdc])
 (Authenticated sender: lev@serebryakov.spb.ru)
 by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPA id C821F4AC57;
 Mon, 15 Apr 2013 14:32:38 +0400 (MSK)
Date: Mon, 15 Apr 2013 14:32:37 +0400
From: Lev Serebryakov <lev@FreeBSD.org>
Organization: FreeBSD Project
X-Priority: 3 (Normal)
Message-ID: <195468703.20130415143237@serebryakov.spb.ru>
To: Kimmo Paasiala <kpaasial@gmail.com>
Subject: Re: ipfilter(4) needs maintainer
In-Reply-To: <CA+7WWSeODqdP1_7MDs6=BiGF+DSR62w21uu4hS3PtTDBkmshsg@mail.gmail.com>
References: <20130411201805.GD76816@FreeBSD.org>
 <20130414160648.GD96431@in-addr.com>
 <36562.1365960622.5652758659450863616@ffe10.ukr.net>
 <201304150025.07337.Mark.Martinec+freebsd@ijs.si>
 <951943801.20130415141536@serebryakov.spb.ru>
 <CA+7WWSeODqdP1_7MDs6=BiGF+DSR62w21uu4hS3PtTDBkmshsg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: Mark Martinec <Mark.Martinec+freebsd@ijs.si>, freebsd-net@freebsd.org,
 current@freebsd.org
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: lev@FreeBSD.org
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2013 10:32:47 -0000

Hello, Kimmo.
You wrote 15 =D0=B0=D0=BF=D1=80=D0=B5=D0=BB=D1=8F 2013 =D0=B3., 14:26:40:

>> MM> ... and as far as I can tell none of them is currently usable
>> MM> on an IPv6-only FreeBSD (like protecting a host with sshguard),
>> MM> none of them supports stateful NAT64, nor IPv6 prefix translation :(
>>  IPv6 prefix translation?! AGAIN!? FML. I've thought, that IPv6 will
>> render all that NAT nightmare to void. I hope, IPv6 prefix translation
>> will not be possible never ever!

KP> Things like ftp-proxy(8) will need address translation even with IPv6.
  ftp-proxy is solution to help IPv4 NAT. Why do we need it when every
device could have routable IPv6? Of course, _every_ device should be
protected by border firewall (stateful and IPv6-enabled), but FTP
server should have special rules for it to allow traffic pass, not
some "proxy".

 And, yes, NAT64 will be useful for sure, but it is another story,
not IPv6<->IPv6 translation.

--=20
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>