Performance improvement for NAT in IPFIREWALL
Michael Sierchio
kudzu at tenebras.com
Wed Jul 2 14:38:26 PDT 2003
Chuck Swiger wrote:
> Many people are wrong, then. NAT is not a security feature.
We simply disagree.
> [ NAT sucks. In a very useful way, of course. Exogenous requirements
> may impose unreasonable constraints upon implementing the technically
> preferrable solution, just as "inept excess verbiage may disqualify
> qualifiers". And "But soft, what light through yonder window breaks?"
> and other tasty bits from the "Applesoft Reference Manual".... ]
Yep, NAT sucks. Exogenous requirements are often generated by marketing
fools who think we need to match a technically trivial and meaningless
feature in someone else's product. However, twenty some odd years of
software engineering has taught me to pick my fights ;-)
Back to the original topic -- divert functionality for ng_ksocket?
Useful for much more than nat.
More information about the freebsd-ipfw
mailing list