I disagree with your statement on NAT end-points not being "publicly accessible" -- that's certainly not true, and a myth that needs to be finally killed. The "statefulness" of the NAT gateway handles that -- it's a non-issue. I get really tired of hearing people perpetuate this mistruth. Of course, my comment on this has nothing to do with whatever the original thread was... - ferg -- Florian Weimer <fw@deneb.enyo.de> wrote: [snip] So I put all my customers behind a NAT device (or just a stateful packet filter). They are no longer publicly accessible, and hence not subject to the provisions of this section. Fixing that would probably require companies to open up their corporate networks, which is a non-starter. (I've wondered for quite some time if "net neutrality" implies that Ebay or Google must carry third party traffic on their corporate networks, by the way.) -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/