On 2014-07-29 0:07, Kevin Oberman wrote:

And all IPv6 NAT is evil and should be cast into (demonic residence of your
choosing) on sight!

NAT on IPv6 serves no useful purpose at all. It only serves to complicate
things and make clueless security officers happy. It adds zero security. It
is a great example of people who assume that NAT is a security feature in
IPv4 (it's not) so it should also be in IPv6.
> So putting support for NAT66 or any IPv6 NAT into a firewall is just > making things worse. Please don't do it!

Well said....

I'm actually rather relieved that natd can/should go away.

Stops giving me migraines with all those special protocl cases that don't like to be natted.. Which of course started as early as FTP.


freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to