Re: [PATCH] netfilter: Kill unreplied conntracks by ICMP errors

On Tue, Dec 17, 2013 at 9:01 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> Indeed. You can configure those two NATs to make them more
> hole-punching friendly by dropping UDP packets to local closed ports,
> so that conntrack entry won't be created.

Yes. But it requires explicit configuration. Why not make it work
by default, although it may fail in some situations? Less is better
than none, isn't it?

Thanks.

-- 
Regards,
Changli Gao(xiaosuo@xxxxxxxxx)