First, a meta-comment:
What I fear is that in the end, nothing gets done because of having the goal
set to perfection. If there is no energy to drive through the
L3-independent connection tracking, the end result is that the user does
not have this feature (remember ip6tables REJECT target? That must have
been sitting in netfilter for some 2+ years, and not having been
integrated in the mainline kernel and the users still do not have the
feature!).
So, my personal take is:
- if a L3-independent conn tracking can be done *quickly*, fine,
- if not, just merge the current one, start working on L3 independent
conn tracking, and add it when available.
.. but I'm not the one who's answering the support emails, so in all
fairness, I should be silent now..
Two questions/comments inline:
On 25 Sep 2003, Andras Kis-Szabo wrote:
[...]
> Your FTP code uses EPSV and EPRT from rfc2428. What about the FOOBAR
> RFC (1639)? OK, it's a joke :)
> Could we open an IPv4 data connection next to the IPv6 control
> connection?
What about LPRT and LPSV?
Btw, I would appreciate any comments regarding my draft documenting some
IPv6-related Firewalling issues (some certainly come up when
implementing):
http://www.ietf.org/internet-drafts/draft-savola-v6ops-firewalling-01.txt
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings