Differences

This shows you the differences between two versions of the page.

--- linux_router:nftables [2024-06-16 Sun wk24 11:58] – baumkp
+++ linux_router:nftables [2024-06-16 Sun wk24 12:03] – [Router Configuration] baumkp
@@ Line 6: / Line 6: @@
     - Restrict network traffic
     - Forward Network traffic
-    - Track network traffic, allows traffic incoming only if response to out going (one way traffic) This is primary firewall action! This is often confused with NAT, NAT is addtional to this!
+    - Track network traffic, allows traffic incoming only if response to out going (one way traffic) This is primary firewall action and primary security action! This is often confused with NAT, NAT is additional to this!
   - NAT (Network Address Translation) is basically mandatory for IPv4 due to limited address space and optional for IPv6
-    - NAT obfuscates Local IP addresses behind public addressable WAN IP address(es).  This obfuscation arguably provides some security. The key security is the restriction of gateway traffic into the LAN. See interesting notes on ths from [[https://www.grc.com/nat/nat.htm|GRC NAT Router Security Solutions]]
+    - NAT obfuscates Local IP addresses behind public addressable WAN IP address(es).  This obfuscation arguably provides some security. The key security is the restriction of gateway traffic into the LAN. See interesting notes on this from [[https://www.grc.com/nat/nat.htm|GRC NAT Router Security Solutions]], note that I do not necessarily agree with NAT being a primary security function.
+    - NAT obfuscation wrecks simple end to end IP addressing that is required for some services, e.g. VoIP.  This requires additional services to compensate, e.g. STUN/TURN services.
 Key networks services, such as DNS and DHCP are separate functions that a router may perform, although correct router setup is required to allow these services to function.