Stateful firewalls are hardly an architecture. But anyway, this is
an issue for the shim6 list.
Thanks
Brian
On 2009-01-29 12:08, Tony Hain wrote:
> Firewall state assumes that all packets in a stream will have the same
> address. Change the address after state is established and see if the packet
> gets forwarded by the router.
>
> Tony
>
>> -----Original Message-----
>> From: Brian E Carpenter [mailto:[email protected]]
>> Sent: Wednesday, January 28, 2009 2:52 PM
>> To: [email protected]
>> Cc: 'Fred Baker'; 'Christian Huitema'; 'Margaret Wasserman';
>> [email protected]; 'Magnus Westerlund'
>> Subject: Clarification re shim6 [Re: [nat66] Preliminary BOF Request]
>>
>> On 2009-01-29 07:41, Tony Hain wrote:
>> ...
>>> Shim6 was DOA, because it inherently breaks what little security
>>> architecture there is
>> It doesn't break IPsec. Can you clarify what you believe it breaks?
>>
>> Brian
>
>
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
