BBC News - 'Fresh proposals' planned over cyber-monitoring
igb at batten.eu.org
Mon May 13 22:30:01 BST 2013
On 13 May 2013, at 18:45, Florian Weimer <fw at deneb.enyo.de> wrote:
> Similarly, I don't think we want our fridges to be reachable from the
> public Internet at large, just because it happens to have an IPv4
> address for our own (personal) use.
I don't buy that argument. It's trivially easy for routers to have a default-block firewall rule with outbound state tracking, which mimics the security semantics of NAT.
> pass out quick on ip.tun1 from any to any keep state
> block in quick on ip.tun1 from any to any
That does, however, permit those of us that do want access to our internal machines to do so as well. NAT and firewalling are different, and using the one as a hacky way of doing the other is assuming that everyone's requirement for both run in lockstep.
More information about the ukcrypto