> Some applications will still require ALG functionality (or modification)
> to manage the state in the stateful firewall.

This is where I think the end to end mantra has led us astray.

The users do not care; they just want stuff to work despite security
and other real world complexities that have been handled with ALG, SPF
and NAT (I agree NAT as bodged on v4 is evil).

> There might be some additional signaling required between the host
> and the firewall in order to let the firewall know

If v6 had allowed for indirect end to end, such as with SOCKS, then
people who want ALG, SPF, NAT could do them without having to infer
intent and end up breaking apps.