On Mon, Jul 26, 2010 at 06:24:04AM +0200, Jens Link wrote:
Owen DeLong <owen@delong.com> writes:
The correct answer is "No, you don't have to configure rules, you just need one rule supplied by default which denies anything that doesn't have a corresponding outbound entry in the state table and it works just like NAT without the address mangling".
They used NAT as an excuse not to let some applications to the outside.
That's OK, if it's NAT unfriendly, chances are it requires deep packet inspection to make the state tables do the right thing anyway.

- Matt

--
Skippy was a wallaby. ... Wallabies are dumb and not very trainable... The *good* thing...is that one Skippy looks very much like all the rest, hence..."one-shot Skippy" and "plug-compatible Skippy". I don't think they ever had to go as far as "belt-fed Skippy"
-- Robert Sneddon, ASR