Comment by klabb3
10 hours ago
No, I don’t think it does. But I am using it in user space[1] successfully with no packet forging. I believe the outbound attempt (SYN) creates a mapping, and even if that conn is blocked on the other end, the inbound conn (SYN but in the other direction) is allowed.
Again, maybe packet forging is needed for some routers/middleboxes/firewalls, since careful inspection would show that the conns are technically independent. If you have any details about this, please let me know! (Networking is difficult to test.)