Addressing plan exercise for our IPv6 course
Matthew Palmer
mpalmer at hezmatt.org
Mon Jul 26 05:07:02 UTC 2010
On Mon, Jul 26, 2010 at 06:24:04AM +0200, Jens Link wrote:
> Owen DeLong <owen at delong.com> writes:
> > The correct answer is "No, you don't have to configure rules, you just need
> > one rule supplied by default which denies anything that doesn't have a
> > corresponding outbound entry in the state table and it works just like NAT
> > without the address mangling".
>
> They used NAT as an excuse not to let some applications to the
> outside.
That's OK, if it's NAT unfriendly, chances are it requires deep packet
inspection to make the state tables do the right thing anyway.
- Matt
--
Skippy was a wallaby. ... Wallabies are dumb and not very trainable... The
*good* thing...is that one Skippy looks very much like all the rest,
hence..."one-shot Skippy" and "plug-compatible Skippy". I don't think they
ever had to go as far as "belt-fed Skippy" -- Robert Sneddon, ASR
More information about the NANOG
mailing list