On Mon, Jul 26, 2010 at 06:24:04AM +0200, Jens Link wrote:
> Owen DeLong <o...@delong.com> writes:
> > The correct answer is "No, you don't have to configure rules, you just need
> > one rule supplied by default which denies anything that doesn't have a
> > corresponding outbound entry in the state table and it works just like NAT
> > without the address mangling".
>
> They used NAT as an excuse not to let some applications to the
> outside.

That's OK, if it's NAT unfriendly, chances are it requires deep packet
inspection to make the state tables do the right thing anyway.

- Matt

-- 
Skippy was a wallaby. ... Wallabies are dumb and not very trainable... The
*good* thing...is that one Skippy looks very much like all the rest,
hence..."one-shot Skippy" and "plug-compatible Skippy". I don't think they
ever had to go as far as "belt-fed Skippy"
        -- Robert Sneddon, ASR