Performance improvement for NAT in IPFIREWALL
Chuck Swiger
cswiger at mac.com
Wed Jul 2 12:26:49 PDT 2003
Michael Sierchio wrote:
> Barney Wolff wrote:
>> NAT is not a security feature,
>
> Many would disagree with that assertion.
Many people are wrong, then. NAT is not a security feature.
Check the list archives of <firewall-wizards at honor.icsalabs.com>...
[ ... ]
>> If you believe you need to NAT at even 1Gb, I'd look
>> very hard at the requirements.
>
> Sadly, requirements are often exogenous.
Nice word. :-)
[ NAT sucks. In a very useful way, of course. Exogenous requirements may
impose unreasonable constraints upon implementing the technically preferrable
solution, just as "inept excess verbiage may disqualify qualifiers". And "But
soft, what light through yonder window breaks?" and other tasty bits from the
"Applesoft Reference Manual".... ]
--
-Chuck
More information about the freebsd-ipfw
mailing list