nanog mailing list archives
Re: quietly....
From: Brandon Butterworth <brandon () rd bbc co uk>
Date: Thu, 3 Feb 2011 10:09:00 GMT
Some applications will still require ALG functionality (or modification) to manage the state in the stateful firewall.
This is where I think the end to end mantra has lead us astray. The users do not care, they just want stuff to work despite security and other real world complexities that have been handled with ALG, SPF and NAT (I agree NAT as bodged on v4 is evil)
There might be some additional signaling required between the host and the firewall in order to let the firewall know
If v6 had allowed for indirect end to end, such as with SOCKS, then people who want ALG, SPF, NAT could do them without having to infer intent and end up breaking apps. brandon
Current thread:
- Re: quietly...., (continued)
- Re: quietly.... Jared Mauch (Feb 01)
- Re: quietly.... Jack Bates (Feb 01)
- Re: quietly.... Jared Mauch (Feb 01)
- Re: quietly.... Brandon Butterworth (Feb 02)
- Re: quietly.... Tim Franklin (Feb 02)
- Re: quietly.... Tony Finch (Feb 02)
- Re: quietly.... Brandon Butterworth (Feb 02)
- Re: quietly.... Jimmy Hess (Feb 02)
- Re: quietly.... Derek J. Balling (Feb 03)
- RE: quietly.... Jamie Bowden (Feb 03)
- Re: quietly.... Jimmy Hess (Feb 02)
- Re: quietly.... Brandon Butterworth (Feb 03)
- Re: quietly.... Brandon Butterworth (Feb 03)
- Re: quietly.... Jay Ashworth (Feb 03)
- Re: quietly.... Jay Ashworth (Feb 03)
- Re: quietly.... Pekka Savola (Feb 04)
- Re: quietly.... Jay Ashworth (Feb 13)