begin quoting Tracy R Reed as of Mon, Apr 17, 2006 at 06:53:41PM -0700: > Stewart Stremler wrote: > >Complaints about NAT making things too hard to accomplish $FOO are so > >much smoke -- if taking that extra step to make NAT work is Too Much > >Effort, then it's also Too Much Effort to make it work with a firewall. > > Punching a hole in the firewall for a certain port to a certain IP is > very much a different problem than trying to deal with port numbers > changing beneath you.
'Tisn't. Ephemeral server sockets suck for security. So you disallow 'em. No more port numbers "changing beneath you". See? Easy. Like I said... smoke. -- _ |\_ \| -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
