From: Derek Fawcus <dfawcus+lists-9fans@employees.org>
To: Christopher Nielsen <cnielsen@pobox.com>
Cc: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] A simple experiment
Date: Thu, 29 Apr 2010 16:42:45 -0700 [thread overview]
Message-ID: <20100429234245.GA87408@willers.employees.org> (raw)
In-Reply-To: <p2ke0ac85f91004291332lb7879bcu965eb31b7d8a6c85@mail.gmail.com>
On Thu, Apr 29, 2010 at 01:32:23PM -0700, Christopher Nielsen wrote:
> It doesn't play well with firewalls, NAT, or deep inspection because
> none of the vendors have added support for it. I tried to get Cisco to
> add IL support back in 2001, but they politely refused.
Add support to what? Also what level of 'support'?
IOS should already support IL in access lists simply by virtue of the
fact that one can specify a numeric IP protocol.
I agree that NAT and stateful firewalls (e.g. 'ip inspect' in IOS)
would need explicit support to understand the packet layout.
But one can always add exceptions to the firewall rules to allow
IL through uninspected. Thats what I do on my IOS routers for
oddball protocols. NAT - it should simply die, until then
run IL over IPv6 and avoid NAT?
next prev parent reply other threads:[~2010-04-29 23:42 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-27 17:38 ron minnich
2010-04-27 17:49 ` erik quanstrom
2010-04-27 18:05 ` Francisco J Ballesteros
2010-04-27 22:20 ` ron minnich
2010-04-27 22:22 ` erik quanstrom
2010-04-27 17:54 ` jake
2010-04-27 17:57 ` John Floren
2010-04-27 17:59 ` erik quanstrom
2010-04-27 18:35 ` John Floren
2010-04-27 18:56 ` Jorden M
2010-04-27 19:03 ` Skip Tavakkolian
2010-04-27 22:23 ` ron minnich
2010-04-28 11:51 ` Steve Simon
2010-04-28 13:18 ` Ethan Grammatikidis
2010-04-28 13:26 ` erik quanstrom
2010-04-28 13:50 ` Ethan Grammatikidis
2010-04-28 14:03 ` erik quanstrom
2010-04-28 15:15 ` Charles Forsyth
2010-04-28 13:20 ` erik quanstrom
2010-04-28 17:52 ` Tim Newsham
2010-04-28 17:57 ` Tim Newsham
2010-04-28 18:00 ` erik quanstrom
2010-04-28 18:42 ` ron minnich
2010-04-28 19:06 ` erik quanstrom
2010-04-28 19:40 ` Russ Cox
2010-04-28 20:36 ` Francisco J Ballesteros
2010-04-28 20:51 ` ron minnich
2010-04-29 13:19 ` Eric Van Hensbergen
2010-04-28 21:05 ` EBo
2010-04-28 21:14 ` ron minnich
2010-04-28 22:06 ` EBo
2010-04-28 21:15 ` Gorka Guardiola
2010-04-28 23:18 ` [9fans] references/citations [was: A simple experiment] EBo
2010-04-28 21:18 ` [9fans] A simple experiment Skip Tavakkolian
2010-04-28 23:04 ` Francisco J Ballesteros
2010-04-29 12:40 ` roger peppe
2010-04-29 12:54 ` David Leimbach
2010-04-29 14:35 ` erik quanstrom
2010-04-29 15:06 ` David Leimbach
2010-04-29 15:24 ` ron minnich
2010-04-29 15:34 ` erik quanstrom
2010-04-29 16:06 ` David Leimbach
2010-04-29 16:09 ` erik quanstrom
2010-04-29 17:08 ` Bakul Shah
2010-04-29 17:20 ` ron minnich
2010-04-29 17:32 ` erik quanstrom
2010-04-30 2:30 ` Anthony Sorace
2010-04-30 4:27 ` erik quanstrom
2010-04-30 10:51 ` hiro
2010-04-30 14:46 ` Anthony Sorace
2010-04-29 17:23 ` erik quanstrom
2010-04-30 3:47 ` Bakul Shah
2010-04-30 5:01 ` erik quanstrom
2010-04-30 15:59 ` Bakul Shah
2010-04-30 16:13 ` erik quanstrom
2010-05-02 21:26 ` Bakul Shah
2010-04-29 18:52 ` Lyndon Nerenberg
2010-04-29 19:03 ` erik quanstrom
2010-04-29 19:54 ` Skip Tavakkolian
2010-04-29 19:58 ` erik quanstrom
2010-04-29 20:25 ` erik quanstrom
2010-05-03 11:34 ` Akshat Kumar
2010-04-29 19:47 ` Skip Tavakkolian
2010-04-29 17:48 ` Tim Newsham
2010-04-29 17:59 ` David Leimbach
2010-04-29 18:41 ` Skip Tavakkolian
2010-04-29 18:42 ` David Leimbach
2010-04-29 19:48 ` Skip Tavakkolian
2010-04-29 19:44 ` C H Forsyth
2010-04-29 19:58 ` Skip Tavakkolian
2010-04-29 20:41 ` David Leimbach
2010-04-29 14:22 ` erik quanstrom
2010-04-29 14:36 ` David Leimbach
2010-04-29 14:43 ` erik quanstrom
2010-04-29 15:03 ` David Leimbach
2010-04-29 15:16 ` ron minnich
2010-04-29 15:25 ` Eric Van Hensbergen
2010-04-29 18:24 ` EBo
2010-04-29 15:06 ` Gabriel Díaz
2010-04-29 20:32 ` Christopher Nielsen
2010-04-29 20:40 ` erik quanstrom
2010-04-29 22:39 ` Christopher Nielsen
2010-04-29 20:45 ` hiro
2010-04-29 23:42 ` Derek Fawcus [this message]
2010-04-29 23:57 ` erik quanstrom
2010-04-30 9:44 ` Charles Forsyth
2010-04-29 15:18 ` ron minnich
2010-04-27 22:21 ` ron minnich
2010-04-27 21:36 ` Federico G. Benavento
2010-04-27 21:54 ` EBo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100429234245.GA87408@willers.employees.org \
--to=dfawcus+lists-9fans@employees.org \
--cc=9fans@9fans.net \
--cc=cnielsen@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).