And maybe I'm just dense, but no one has been able to tell me how I accomplish this in IPv6 without NAT: I have the requirement in certain circumstances to transparently redirect all outbound DNS (well, on TCP or UDP port 53) and/or SMTP (TCP ports 25 and 587) to my own servers. No, simply blocking it at the firewall and making the user "fix" the problem is not an option (especially when the problem is created by malware). It is a simple rule in IPTABLES for IPv4, but how do I accomplish it in IPv6? Not flaming or anything, but I really want to know how I'm supposed to accomplish that in the ideal IPv6 world with no NAT?

--
Jim Clausing
GIAC GSE #26, GREM(G), CISSP
GPG fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D

On or about Fri, 18 Apr 2014, Simon Perreault pontificated thusly:
> On 2014-04-18 14:57, William Herrin wrote:
>> Excluding references and remarks RFC 6888 is 8 pages long with 15 total requirements. Short.
>
> Given the trend toward ever-fluffier RFCs, I'll take that as a compliment. :)
>
>> I'll let the firewall document's authors speak for themselves about their document's purpose. In the abstract, they said: 'This has typically been a problem for network operators, who typically have to produce a "Request for Proposal" from scratch that describes such features.'
>>
>> That says, "discriminator for potential purchases" to me. What's your take?
>
> I agree with your interpretation, and I disagree with the intent.
>
>> I agree that a "don't break the Internet" firewall requirements document could have utility. But that doesn't appear to be this document. And if done well, such a document would be short just like RFC 6888.
>
> Full agreement.
>
> Simon
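As an added illustration of the transparent redirect Jim asks about (not code from the thread or from either poster): the rules below express "DNS on TCP/UDP 53 and SMTP on TCP 25/587 to my own servers" for both address families. The IPv6 half relies on the ip6tables nat table, which has been available since Linux 3.7 / iptables 1.4.17; it is still destination address translation, which is exactly the point of the question. The interface name lan0 is a placeholder, and the script assumes the resolver and MTA being redirected to listen on the firewall itself (REDIRECT sends traffic to the firewall's own address on the incoming interface).

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Assumptions: "lan0" is a placeholder LAN interface; the local resolver/MTA
# listen on the firewall box; ip6tables has a nat table with REDIRECT
# (Linux >= 3.7, iptables >= 1.4.17). If the target service lives on another
# host, DNAT --to-destination would replace REDIRECT, but it is NAT either way.

LAN_IF="${LAN_IF:-lan0}"   # placeholder interface name
APPLY="${APPLY:-0}"        # 0 = only print the rules, 1 = execute them (needs root)

# Emit one PREROUTING rule for the given tool, protocol and destination port.
redirect_rule() {
    tool=$1; proto=$2; dport=$3
    printf '%s -t nat -A PREROUTING -i %s -p %s --dport %s -j REDIRECT --to-ports %s\n' \
        "$tool" "$LAN_IF" "$proto" "$dport" "$dport"
}

# The full rule set for one address family:
# DNS on UDP and TCP 53, SMTP submission/relay on TCP 25 and 587.
family_rules() {
    tool=$1
    redirect_rule "$tool" udp 53
    redirect_rule "$tool" tcp 53
    redirect_rule "$tool" tcp 25
    redirect_rule "$tool" tcp 587
}

# IPv4 uses iptables; IPv6 uses ip6tables with the same syntax and nat table.
all_rules() {
    family_rules iptables
    family_rules ip6tables
}

if [ "$APPLY" = 1 ]; then
    all_rules | while read -r line; do $line; done
else
    all_rules
fi
```

Run it without arguments to review the generated rules; set APPLY=1 as root to install them.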