Addressing plan exercise for our IPv6 course

Matthew Palmer mpalmer at hezmatt.org
Mon Jul 26 05:07:02 UTC 2010


On Mon, Jul 26, 2010 at 06:24:04AM +0200, Jens Link wrote:
> Owen DeLong <owen at delong.com> writes:
> > The correct answer is "No, you don't have to configure rules, you just need
> > one rule supplied by default which denies anything that doesn't have a
> > corresponding outbound entry in the state table and it works just like NAT
> > without the address mangling".
> 
> They used NAT as an excuse not to let some applications to the
> outside. 

That's OK, if it's NAT unfriendly, chances are it requires deep packet
inspection to make the state tables do the right thing anyway.

- Matt

-- 
Skippy was a wallaby. ... Wallabies are dumb and not very trainable...  The
*good* thing...is that one Skippy looks very much like all the rest,
hence..."one-shot Skippy" and "plug-compatible Skippy".  I don't think they
ever had to go as far as "belt-fed Skippy" 	-- Robert Sneddon, ASR




More information about the NANOG mailing list