From owner-freebsd-current@FreeBSD.ORG Mon Apr 15 10:41:28 2013 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 92ECF55A for ; Mon, 15 Apr 2013 10:41:28 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-wi0-x22b.google.com (mail-wi0-x22b.google.com [IPv6:2a00:1450:400c:c05::22b]) by mx1.freebsd.org (Postfix) with ESMTP id 2FFBB2C7 for ; Mon, 15 Apr 2013 10:41:28 +0000 (UTC) Received: by mail-wi0-f171.google.com with SMTP id hn17so1382666wib.16 for ; Mon, 15 Apr 2013 03:41:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=wN9saBo9L0yjdLjr5QZ8q61h4csgu7wLxkrN8AZVvbU=; b=koukZD7Ji96EJwPHG3sjMqMClWZzKO6y31fTigoIeuTBWMysePiwiYCMAVMuds1IGX z4I799Z6K7c+epyXBHIalJsOk2jRiGoGtfSjxJ8NuijfQHXl6hRbx6T836c5EoWY/TMK L95Vegln1YECno/dMX0rAgyZM6mPNvGMxzdboE8vTweVpWhv3+x2TIeBKczAuoV3gNJU DZ9owkMU4ADrMEYoTXDBeJS1XGujSku9gcxHpB6iVfyOEwHXkD22/jX3dSYZ8fxRHloY LAikVrsBdBNAAGte9rFgVfyBTWz+wDlO6VnCb7gm67Jtk68TviUNEExHvLPqG6e12uby nl5Q== MIME-Version: 1.0 X-Received: by 10.180.97.233 with SMTP id ed9mr10841255wib.32.1366022487283; Mon, 15 Apr 2013 03:41:27 -0700 (PDT) Received: by 10.216.139.72 with HTTP; Mon, 15 Apr 2013 03:41:27 -0700 (PDT) In-Reply-To: <20130415103801.GA21132@zxy.spb.ru> References: <20130411201805.GD76816@FreeBSD.org> <20130414160648.GD96431@in-addr.com> <36562.1365960622.5652758659450863616@ffe10.ukr.net> <201304150025.07337.Mark.Martinec+freebsd@ijs.si> <951943801.20130415141536@serebryakov.spb.ru> <20130415103801.GA21132@zxy.spb.ru> Date: Mon, 15 Apr 2013 13:41:27 +0300 Message-ID: Subject: Re: ipfilter(4) needs maintainer From: Kimmo Paasiala To: Slawa Olhovchenkov Content-Type: text/plain; charset=UTF-8 Cc: freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Apr 2013 10:41:28 -0000 On Mon, Apr 15, 2013 at 1:38 PM, Slawa Olhovchenkov wrote: > On Mon, Apr 15, 2013 at 02:15:36PM +0400, Lev Serebryakov wrote: > >> >> Yes! This is the most clever thought in this thread. Why we need 3 >> >> firewalls? Two packet filters it's excess too. We have two packet filters: >> >> one with excellent syntax and functionality but with outdated bandwidth >> >> control mechanism (aka ALTQ); another - with nice traffic >> >> shaper/prioritization (dummynet)/classification (diffused) but with >> >> complicated implementation in not trivial tasks. May be the next step >> >> will be discussion about one packet filter in the system?.. >> >> MM> ... and as far as I can tell none of them is currently usable >> MM> on an IPv6-only FreeBSD (like protecting a host with sshguard), >> MM> none of them supports stateful NAT64, nor IPv6 prefix translation :( >> IPv6 prefix translation?! AGAIN!? FML. I've thought, that IPv6 will >> render all that NAT nightmare to void. I hope, IPv6 prefix translation >> will not be possible never ever! > > You disallow anonymization? NAT do anonymisation also. > _______________________________________________ Please stop it already, NAT has never done any real anonymisation. it's just one of the myths that just refuse to die. Use a real anonymiser like Tor if you want to keep your identity hidden. -Kimmo