From: Patrick McHardy <kaber@trash.net>
To: Jing Min Zhao <zhaojingmin@hotmail.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [H.323 Helper 1/3]: Add support for Call Forwarding
Date: Wed, 26 Apr 2006 22:21:35 +0200
Message-ID: <444FD64F.5020002@trash.net>
In-Reply-To: <BAY109-DAV107DE91F0E0B272EC778E4B3BC0@phx.gbl>

Jing Min Zhao wrote:
>>>>I definitely don't like the internal_net module option. I know it's not
>>>>strictly required, more an optimization, but still limiting this to only
>>>>one network is not a good idea. We may be able to use the routing
>>>>information as indication whether we need an expectation or not .. but
>>>>I need to think about it some more.
>>>>
>>>>
>>>
>>>I also want such a solution deadly, but I can't figure out a way.
>>>Actually, the only question is how can a firewall tell that any two
>>>endpoints can talk with each other directly without passing through it.
>>>Any suggestion for this will be greatly appreciated.
>>
>>There is no general way to do this, but I think we can take a good
>>guess for the common case of no weird NATing etc based on the nexthop
>>information we get from fib_lookup(). I think an assumption that is
>>true for most cases is that if the nexthop information is identical,
>>the two endpoints can reach each other without our help. It needs to
>>be optional of course. What do you think about this?
>>
>>
> 
> This is a good idea, and it's probably the best that a firewall can do.
> I'll think about it.

BTW, I can give you some help implementing this if you need.
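
The nexthop comparison proposed in this message, modelled in userspace C as an added example (not code from the thread or from the netfilter tree). `struct route`, `lookup()`, `need_expectation()` and the routing table are constructed stand-ins for the nexthop data that `fib_lookup()` would supply in the kernel.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical stand-in for the nexthop data a FIB lookup would return. */
struct route {
    uint32_t prefix;   /* network address, host byte order */
    uint8_t  len;      /* prefix length */
    uint32_t gateway;  /* 0 = destination is on-link */
    int      oif;      /* output interface index */
};

/* Constructed sample routing table for a three-interface firewall. */
static const struct route table[] = {
    { IP(10, 0, 0, 0),   24, 0,                 1 }, /* LAN A, on-link */
    { IP(10, 0, 1, 0),   24, 0,                 2 }, /* LAN B, on-link */
    { IP(172, 16, 0, 0), 16, IP(10, 0, 0, 254), 1 }, /* via internal router */
    { 0,                 0,  IP(192, 0, 2, 1),  3 }, /* default route */
};

/* Longest-prefix match over the table; NULL if nothing matches. */
static const struct route *lookup(uint32_t dst)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        uint32_t mask = table[i].len ? ~0u << (32 - table[i].len) : 0;
        if ((dst & mask) == table[i].prefix &&
            (!best || table[i].len > best->len))
            best = &table[i];
    }
    return best;
}

/* 1 = track the media flow (create an expectation), 0 = skip it. */
static int need_expectation(uint32_t a, uint32_t b)
{
    const struct route *ra = lookup(a), *rb = lookup(b);
    if (!ra || !rb)
        return 1; /* no route: keep tracking rather than guess */
    /* Identical nexthop: assume the endpoints reach each other directly. */
    return !(ra->gateway == rb->gateway && ra->oif == rb->oif);
}

int main(void)
{
    printf("%d\n", need_expectation(IP(10, 0, 0, 5), IP(10, 0, 1, 9)));
    return 0;
}
```

In this model an on-link host and a host behind the internal router on the same interface have different gateways, so the comparison treats them as needing an expectation.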
