Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Apr 2013 13:26:40 +0300
From:      Kimmo Paasiala <kpaasial@gmail.com>
To:        lev@freebsd.org
Cc:        Mark Martinec <Mark.Martinec+freebsd@ijs.si>, freebsd-net@freebsd.org, current@freebsd.org
Subject:   Re: ipfilter(4) needs maintainer
Message-ID:  <CA%2B7WWSeODqdP1_7MDs6=BiGF%2BDSR62w21uu4hS3PtTDBkmshsg@mail.gmail.com>
In-Reply-To: <951943801.20130415141536@serebryakov.spb.ru>
References:  <20130411201805.GD76816@FreeBSD.org> <20130414160648.GD96431@in-addr.com> <36562.1365960622.5652758659450863616@ffe10.ukr.net> <201304150025.07337.Mark.Martinec%2Bfreebsd@ijs.si> <951943801.20130415141536@serebryakov.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Apr 15, 2013 at 1:15 PM, Lev Serebryakov <lev@freebsd.org> wrote:
> Hello, Mark.
> You wrote 15 =D0=B0=D0=BF=D1=80=D0=B5=D0=BB=D1=8F 2013 =D0=B3., 2:25:07:
>
>>> Yes! This is the most clever thought in this thread. Why we need 3
>>> firewalls? Two packet filters it's excess too. We have two packet filte=
rs:
>>> one with excellent syntax and functionality but with outdated bandwidth
>>> control mechanism (aka ALTQ); another - with nice traffic
>>> shaper/prioritization (dummynet)/classification (diffused) but with
>>> complicated implementation  in not trivial tasks. May be the next step
>>> will be discussion about one packet filter in the system?..
>
> MM> ... and as far as I can tell none of them is currently usable
> MM> on an IPv6-only FreeBSD (like protecting a host with sshguard),
> MM> none of them supports stateful NAT64, nor IPv6 prefix translation :(
>  IPv6 prefix translation?! AGAIN!? FML. I've thought, that IPv6 will
> render all that NAT nightmare to void. I hope, IPv6 prefix translation
> will not be possible never ever!
>
> --
> // Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>
>

Things like ftp-proxy(8) will need address translation even with IPv6.
Also certain scrub options require a NAT like functionalities.

-Kimmo

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2B7WWSeODqdP1_7MDs6=BiGF%2BDSR62w21uu4hS3PtTDBkmshsg>