| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Aug 2012 20:06:59 +0200 (MEST) From: Patrick McHardy <kaber@...sh.net> To: Andre Tomt <andre@...t.net> cc: netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH 00/19] netfilter: IPv6 NAT On Sat, 25 Aug 2012, Andre Tomt wrote: > On 25. aug. 2012 02:58, Andre Tomt wrote: >> On 09. aug. 2012 22:08, kaber@...sh.net wrote: >>> The following patches contain an updated version of IPv6 NAT against >>> Linus' current tree. >> >> Hmmm. Looking in my crystal ball (hi #ipv6!), I predict that if this >> lands in mainline - and thus in consumer CPE/routers eventually - many >> ISP's will have little incentive to actually implement assigning of >> blocks to their consumer users like they "have to" today. >> >> We have this wonderful chance of fixing a major problem with todays >> internet, but now we are going down this very slippery slope. >> >> I do need this code for a experimental project myself, and acknowledge >> there may be some valid use cases, but I do not like the global >> implications one bit. >> >> At least some big fat warnings please? > > Clarification: This is about the NAT66 port-based 1:n NAT targets. We can certainly add a warning to the Kconfig text or (better) the iptables manpage. But only a very small percentage of people who might end up (unknowingly) using this will ever see them. Feel free to send a patch though. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists