Darren Reed wrote: > A new RFC has been published with requirements for NATs: > > http://www.rfc-editor.org/rfc/rfc4787.txt > > Which requirements do people think are important to IPFilter, > where they actually apply?
I think section 9 is really important. Though, it's more related to filtering than NAT, but it's talking about letting ICMP 3/4 (destination unreachable) through. I've voiced this before on this list, but 'keep state' should allow ICMP related to the connection - particularly 3/4 - through. -- Phil Dibowitz [EMAIL PROTECTED] Open Source software and tech docs Insanity Palace of Metallica http://www.phildev.net/ http://www.ipom.com/ "Never write it in C if you can do it in 'awk'; Never do it in 'awk' if 'sed' can handle it; Never use 'sed' when 'tr' can do the job; Never invoke 'tr' when 'cat' is sufficient; Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming
signature.asc
Description: OpenPGP digital signature
