From owner-freebsd-current@FreeBSD.ORG  Mon Apr 15 10:50:25 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id E33A1BED;
 Mon, 15 Apr 2013 10:50:25 +0000 (UTC) (envelope-from lev@FreeBSD.org)
Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru
 [IPv6:2a01:4f8:131:60a2::2])
 by mx1.freebsd.org (Postfix) with ESMTP id A777138F;
 Mon, 15 Apr 2013 10:50:25 +0000 (UTC)
Received: from lion.home.serebryakov.spb.ru (unknown
 [IPv6:2001:470:923f:1:d051:3b46:4a53:4fdc])
 (Authenticated sender: lev@serebryakov.spb.ru)
 by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPA id 57FF24AC57;
 Mon, 15 Apr 2013 14:50:24 +0400 (MSK)
Date: Mon, 15 Apr 2013 14:50:23 +0400
From: Lev Serebryakov <lev@FreeBSD.org>
Organization: FreeBSD Project
X-Priority: 3 (Normal)
Message-ID: <66408799.20130415145023@serebryakov.spb.ru>
To: Kimmo Paasiala <kpaasial@gmail.com>
Subject: Re: ipfilter(4) needs maintainer
In-Reply-To: <CA+7WWSeXLC6mJXB9zv2p3e1Q-z2Xf3mH9h0SqOmiXWRGLFs4GA@mail.gmail.com>
References: <20130411201805.GD76816@FreeBSD.org>
 <20130414160648.GD96431@in-addr.com>
 <36562.1365960622.5652758659450863616@ffe10.ukr.net>
 <201304150025.07337.Mark.Martinec+freebsd@ijs.si>
 <951943801.20130415141536@serebryakov.spb.ru>
 <CA+7WWSeODqdP1_7MDs6=BiGF+DSR62w21uu4hS3PtTDBkmshsg@mail.gmail.com>
 <195468703.20130415143237@serebryakov.spb.ru>
 <CA+7WWSdbEx7Kbc0WOBNLc-vH19DdKK7L-xORO8SepKcMQR2xEg@mail.gmail.com>
 <621849003.20130415144428@serebryakov.spb.ru>
 <CA+7WWSeXLC6mJXB9zv2p3e1Q-z2Xf3mH9h0SqOmiXWRGLFs4GA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: Mark Martinec <Mark.Martinec+freebsd@ijs.si>, freebsd-net@freebsd.org,
 current@freebsd.org
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: lev@FreeBSD.org
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2013 10:50:26 -0000

Hello, Kimmo.
You wrote 15 =D0=B0=D0=BF=D1=80=D0=B5=D0=BB=D1=8F 2013 =D0=B3., 14:47:24:

KP> I'm however talking about an ftp client behind a very restrictive
KP> firewall making an IPv6 connection an ftp server that uses passive
KP> mode data ports that can't be known in advance.
  Same solution -- inspection of connections to 21 port, without any
 address translation. And if FTP server uses non-standard control
 port, yes, here is a problem, but it cannot be solved with NAT too
 (or your NAT/firewall should expect each and every connection for FTP
 commands, which is heavy and error-prone task).

--=20
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>