Re: Hiding NATs with PF
From: Greg Hennessy (me_at_privacy.org)
Date: 09/28/05
- Next message: Greg Hennessy: "Re: Hiding NATs with PF"
- Previous message: Jakub Głazik: "Re: iptraf"
- In reply to: jpd: "Re: Hiding NATs with PF"
- Next in thread: Max Bolingbroke: "Re: Hiding NATs with PF"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 28 Sep 2005 21:15:50 +0100
On 28 Sep 2005 17:29:40 GMT, jpd <read_the_sig@do.not.spam.it.invalid>
wrote:
>> How do they 'enforce' this policy exactly ? I've worked in environments
>> with ridiculous policies because some clueless idiot copied something out
>> of a textbook.
>
>Not to mention the time it would take humans to go out and try and
>detect this.
Quite, and it requires 'specialist' (read expensive) know how to do this.
>> Dictating the network architecture of an external 3rd party would fit the
>> 'ridiculous' category.
>
>Ah, but if the OP is on a campus or something, _his_ network may
>very well be counted part of the network the policy is set for.
That's true.
>
>I know of such networks where there is a strict ``no nat'' policy
>because they don't want to deal with abuse hidden by that and the
>resulting expected gefingerpointing. I can't blame them for their
>motives.
Much easier to police using a default deny policy :-)
greg
-- "Access to a waiting list is not access to health care"
- Next message: Greg Hennessy: "Re: Hiding NATs with PF"
- Previous message: Jakub Głazik: "Re: iptraf"
- In reply to: jpd: "Re: Hiding NATs with PF"
- Next in thread: Max Bolingbroke: "Re: Hiding NATs with PF"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
