----- Original Message ----- > From: "Jon Lewis" <jle...@lewis.org>
> There's an awful lot of inertia in the "NAPT/firewall keeps our hosts > safe from the internet" mentality. Sure, a stateful firewall can be > configured allow all outbound traffic and only connected/related > inbound. > When someone breaks or shuts off that filter, traffic through the NAPT > firewall stops working. On the stateful firewall with public IPs on > both sides, everything works...including the traffic you didn't want. Precisely. This is the crux of the argument I've been trying, rather ineptly, to make: when it breaks, *which way does it fail*. NAT fails safe, generally. > People are going to want NAT66...and not providing it may slow down > IPv6 adoption. You're using the future tense there, Jon; are you sure you didn't mean to use the present? Or the past...? Cheers, -- jra
