On Thursday 2 November 2006 22:33, Pekka Savola wrote:
> Indeed. If you look at draft-ietf-behave-udp-08.txt (in RFC editor's
> queue), those recommendations very specifically recommend designs
> where the inbound packets will be accepted from a wider set of
> addresses and ports than would be strictly required (by traditional
> apps) by inside-to-outside communication.

> I raised this issue during IETF LC, but this was not changed because
> p2p-like apps seem to require more relaxed behaviour for easier
> interworking.

That's ok by me. I personally consider that NAT should never be used as a security device, but only to work around IPv4 shortage, so I don't it being relaxed. If you want security, use a stateful firewall. Combine both if you need to.

--
Rémi Denis-Courmont
soon graduating
http://www.simphalempin.com/home/infos/CV-en.pdf