On Tue, 2020-12-29 at 08:32 -0600, Chris Adams wrote:
There is no NAT for IPv6, but that's a feature. NAT doesn't
really
add any security; NAT is a combination of two things: a stateful
firewall (which gives you the protection) and a packet mangler (which
causes no end of problems). You can still have a stateful firewall
with IPv6, you just don't need the packet mangler anymore.
That's the first time I've ever seen anyone say a stateful firewall is
a part of NAT. Sure, systems may have both, but I wouldn't call one
part of the other. I've certainly used systems with NAT, going back to
Win98SE days, that had no firewall.
The fact that NAT doesn't know what to do with surprise incoming
connections doesn't make it a firewall, just unconfigured networking.
While that brokenness may be beneficial to many people, it's not
something to rely on. I've seen modem-routers that (un)helpfully
forwarded all unexpected incoming network attempts to a PC behind NAT.
It was their attempt at un-breaking the many communication protocols
that instant messaging and gaming used that didn't work well
through NAT. Quite how it was going to determine which of your PCs to
forward it through to I don't know.
--
uname -rsvp
Linux 3.10.0-1160.11.1.el7.x86_64 #1 SMP Fri Dec 18 16:34:56 UTC 2020 x86_64
Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.