Future of pf / firewall in FreeBSD ? - does it have one ?
Willem Jan Withagen
wjw at digiware.nl
Tue Jul 29 07:32:24 UTC 2014
On 2014-07-29 0:07, Kevin Oberman wrote:
> And all IPv6 NAT is evil and should be cast into (demonic residence of your
> choosing) on sight!
>
> NAT on IPv6 serves no useful purpose at all. It only serves to complicate
> things and make clueless security officers happy. It adds zero security. It
> is a great example of people who assume that NAT is a security feature in
> IPv4 (it's not) so it should also be in IPv6.
......
> So putting support for NAT66 or any IPv6 NAT into a firewall is just
> making things worse. Please don't do it!
Well said....
I'm actually rather relieved that natd can/should go away.
Stops giving me migraines with all those special protocl cases that
don't like to be natted.. Which of course started as early as FTP.
--WjW
More information about the freebsd-current
mailing list