Hi all,

just a few words out of the strange land that retired netfilter hackers go to:

1) I am quite at ease not participating in netfilter/iptables anymore while the discussion about IPv6 NAT becomes an issue again: I always indicated "over my dead body", and now that I am no longer in charge, nobody will have to kill me ;)

2) I agree that there has been a lot of improvement between the abomination of what we are doing in IPv4 NAT and what is described in RFC6296.

3) For any netfilter integration, I would strongly suggest something that does not carry around with it the burden of connection tracking, but rather something stateless. Or at least have the conntrack dependency optional. If there's no need for sophisticated state tracking as per the RFC, then don't make it a hard/mandatory dependency.

... and now I'll happily retire again to GSM land ...

Regards,
Harald
--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie