I was going to ask about the same feature. I don't think that this is quite uPNP as the rule would have to be manually configured - it could not be dynamically requested by a host.

What we need is the ability to define an outbound trigger port which would automatically NAT predefined inbound ports to the source host.

So, for example, if host A initiates an outbound connection to port X, then inbound port Y would be NATted to host A. When host A closes the connection to port X, then the inbound port Y would cease to NAT back to host A. Then, if host B initiates an outbound connection to port X, then inbound port Y would be NATted to host B.

> On 8/4/05, Thomas Sprinzing <thomas at sprinzing dot org> wrote:
> >
> > is there any interest, idea, plan to implement port triggering in m0n0wall?
> >
>
> the technical name for such a thing is uPNP. I've explained why it's
> worthless and dangerous on the pfsense list in the following thread,
> so I won't repeat myself here.
> http://www.mail-archive.com/support%40pfsense.com/msg00125.html
>
> One reply:
> http://www.mail-archive.com/support%40pfsense.com/msg00127.html
>
> One comment on that reply, I'd say it's a huge risk in any
> environment, not just corporate. Think worms, viruses, trojans, and
> other malware that could open a port in your firewall so outside
> attackers could talk directly to whatever junk is on your machine(s).
>
> -Chris
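
A small Python model of the trigger rule described at the top of this message, added here as an illustration; it is not m0n0wall code or code from the thread. The class and method names are hypothetical, the port numbers are constructed, and the behaviour when a second host triggers while the first still holds the mapping is an assumption, since the message does not specify it.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class PortTrigger:
    """Hypothetical model: outbound trigger port X maps inbound port Y to the sender."""
    trigger_port: int                    # X
    inbound_port: int                    # Y
    holder: Optional[str] = None         # LAN host currently receiving port Y
    sessions: dict = field(default_factory=dict)  # host -> open connections to X
    audit: list = field(default_factory=list)     # (event, host), for review

    def _assign(self, host):
        self.holder = host
        self.audit.append(("map", host))

    def outbound_open(self, host, dst_port):
        if dst_port != self.trigger_port:
            return
        self.sessions[host] = self.sessions.get(host, 0) + 1
        if self.holder is None:          # assumption: first holder keeps the mapping
            self._assign(host)

    def outbound_close(self, host, dst_port):
        if dst_port != self.trigger_port or host not in self.sessions:
            return
        self.sessions[host] -= 1
        if self.sessions[host]:
            return                       # host still has a trigger connection open
        del self.sessions[host]
        if self.holder == host:
            self.holder = None
            self.audit.append(("unmap", host))
            if self.sessions:            # assumption: hand over to a waiting host
                self._assign(next(iter(self.sessions)))

    def inbound_target(self, dst_port):
        """LAN host an inbound packet is NATted to, or None if it is dropped."""
        return self.holder if dst_port == self.inbound_port else None

def demo():
    nat = PortTrigger(trigger_port=6000, inbound_port=7000)  # constructed ports
    seen = [nat.inbound_target(7000)]    # nothing triggered yet: dropped
    nat.outbound_open("hostA", 6000)
    seen.append(nat.inbound_target(7000))
    nat.outbound_close("hostA", 6000)
    seen.append(nat.inbound_target(7000))
    nat.outbound_open("hostB", 6000)
    seen.append(nat.inbound_target(7000))
    return seen, nat.audit
```

In this model the rule keys only on the source host and destination port of the outbound packet, so the audit list is the only record of which host caused port Y to open.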