DCCP and legacy firewalls.
Posted Sep 1, 2005 16:19 UTC (Thu) by Duncan
In reply to: Linux gets DCCP
Parent article: Linux gets DCCP
What does DCCP look like to a legacy firewall? You mention that it's
designed to work well with firewalls, but how would I implement "allow"
filters on a default-deny policy firewall, that only understands legacy
protocols? Would DCCP look to it like UDP? IOW, is it UDP with
additional protocol info in what would be the UDP payload, thus recognized
as UDP by legacy routers, or ??? If so, are there NAPT/masquerade
implications similar to those with FTP and various VoIP and security
protocols, or not?
I ask as I run one of those legacy things, one of the first-gen
consumer-level NAPT-based broadband routers. At some point, I'll likely replace it
with a Linux-based appliance and therefore benefit from community firmware
projects, but my old Netgear rt314 has and continues to serve me well, so
why mess with a good thing until I need to?
OTOH, it'll probably be another year or more before there's enough out
there using DCCP in working deployments to be worrisome, particularly if
MSWormOS support lags, and by then I may well have upgraded routers, but
there'll still certainly be others who haven't.