Re: IPv4 flag day

[William Herrin via NANOG <nanog () lists nanog org>]

On Thu, Jun 18, 2026 at 7:29 AM Marco Moock via NANOG
<nanog () lists nanog org> wrote:
> Am 18.06.26 um 11:06 schrieb William Herrin via NANOG:
> > Hate on it all you want, 1:many NAT renders my internal network not
> > just inaccessible from the Internet but inaddressible as well.
>
> What you are looking for is called SPI firewall.

Hi Marco,

I'm almost never looking for a stateful packet inspector that isn't
doing NAT.  Stateful gives it most of the same drawbacks of NAT
without the benefit of making my internal network inaddressible from
outside. But YMMV: a lot of folks don't have the comfort level with
stateless packet filters that I do, and SPIs do offer some additional
protection to hosts intended to be reached from the Internet.

Regards,
Bill Herrin


-- 
For hire. https://bill.herrin.us/resume/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/WLKYEEUVSPMOGL67IABZYXW5V6O5OPZY/