inigyou 3 hours ago
Yes. Letting anyone talk to anyone was the point of the internet. It's been co-opted by these massive centralising forces and you know what? They're right. With IPv4 everything has to be centralised, we don't even have the faintest chance to avoid it. With IPv6 at least we have a chance to take it back. Some people will mention stateful firewalls. They're pretty easy to holepunch through because you just need each side to send a packet to the other, then each firewall sees it as an outgoing connection and allows it. It's nothing like IPv4 NAT.
somat an hour ago
The comparison between a stateful firewall and NAT is often made because they feel like they are doing the same thing from a mechanical point of view. For example, here is how to achieve the same result in PF; note the single additional operator needed to specify NAT.

    block in on $EXT_IF

    # NAT
    pass in on $INT_IF to any rdr-to $EXT_IF

    # stateful firewall
    pass in on $INT_IF to any
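
The two comments above can be compared with a toy state-table model. This is an added example, not code from either commenter and not real PF; the `Firewall` class, the documentation-range addresses and the port-preserving NAT are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    """Toy 'block in, pass out keep state' filter (hypothetical, not PF)."""
    nat_addr: str = ""                      # non-empty: also rewrite the source
    states: set = field(default_factory=set)

    def outbound(self, src, sport, dst, dport):
        """Inside host sends: rewrite source if NAT is on, then record state."""
        if self.nat_addr:
            src = self.nat_addr             # the one extra step NAT adds
        self.states.add((src, sport, dst, dport))
        return (src, sport, dst, dport)     # packet as it appears on the wire

    def inbound(self, src, sport, dst, dport):
        """Outside packet passes only if it is the reverse of a known state."""
        return (dst, dport, src, sport) in self.states

def hole_punch(fw_a, fw_b, a, b):
    """Each peer sends to the address it believes the other has.

    Returns (unsolicited_passes, a_hears_b, b_hears_a).
    """
    unsolicited = fw_a.inbound(*b, *a)      # B -> A before any state exists
    wire_a = fw_a.outbound(*a, *b)          # A -> B opens state on A's firewall
    wire_b = fw_b.outbound(*b, *a)          # B -> A opens state on B's firewall
    return unsolicited, fw_a.inbound(*wire_b), fw_b.inbound(*wire_a)

# Constructed sample endpoints (documentation address ranges).
A6, B6 = ("2001:db8:a::10", 40000), ("2001:db8:b::20", 40000)
A4, B4 = ("192.168.1.10", 40000), ("198.51.100.7", 40000)
NAT_ADDR = "203.0.113.5"

def ipv6_stateful_only():
    """Both sides filtered, no translation: addresses are end-to-end."""
    return hole_punch(Firewall(), Firewall(), A6, B6)

def ipv4_with_nat():
    """A is translated; B only knows A's inside address."""
    return hole_punch(Firewall(nat_addr=NAT_ADDR), Firewall(), A4, B4)

if __name__ == "__main__":
    print("stateful only:", ipv6_stateful_only())
    print("with NAT     :", ipv4_with_nat())
```

In the stateful-only case the unsolicited packet is dropped, yet both directions pass once each side has sent. With the source rewrite enabled, the state each firewall holds no longer matches the address the peer is using, so neither direction passes.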