On Mon, Apr 15, 2013 at 1:15 PM, Lev Serebryakov <lev_at_freebsd.org> wrote: > Hello, Mark. > You wrote 15 апреля 2013 г., 2:25:07: > >>> Yes! This is the most clever thought in this thread. Why we need 3 >>> firewalls? Two packet filters it's excess too. We have two packet filters: >>> one with excellent syntax and functionality but with outdated bandwidth >>> control mechanism (aka ALTQ); another - with nice traffic >>> shaper/prioritization (dummynet)/classification (diffused) but with >>> complicated implementation in not trivial tasks. May be the next step >>> will be discussion about one packet filter in the system?.. > > MM> ... and as far as I can tell none of them is currently usable > MM> on an IPv6-only FreeBSD (like protecting a host with sshguard), > MM> none of them supports stateful NAT64, nor IPv6 prefix translation :( > IPv6 prefix translation?! AGAIN!? FML. I've thought, that IPv6 will > render all that NAT nightmare to void. I hope, IPv6 prefix translation > will not be possible never ever! > > -- > // Black Lion AKA Lev Serebryakov <lev_at_FreeBSD.org> > Things like ftp-proxy(8) will need address translation even with IPv6. Also certain scrub options require a NAT like functionalities. -KimmoReceived on Mon Apr 15 2013 - 08:26:42 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:36 UTC