Le mercredi 11 avril 2007 20:21, james woodyatt a écrit : > > And then, IPv6 is completely useless, since it has the exact same > > connectivity problems as IPv4+NAT: outbound TCP works; UDP works > > through hole punching if you know the peer address/port. Inbound > > TCP does not work (so COMEDIA SIP does not), unsolicited UDP does > > not work. So IPv6 becomes pretty useless, while it remains very > > costly an upgrade. > > Unless we do something. I'm proposing that we consider extending > ICMP to support automatically opening pinholes in the default > gateway's stateful packet filter. Does anybody have any alternative > to consider? I guess everybody agrees that stateful firewalling won't go away with IPv6, whether one likes it or not (I'm obviously not a big fan of them). That kills the "no firewall so no problem" alternative. Then, the only alternatives are the big broken heavyweight solution (à la UPnP) ;) I definitely prefer the lightweight one that actually works. -- Rémi Denis-Courmont http://www.remlab.net/
Attachment:
pgp4HdyqF5o5T.pgp
Description: PGP signature