nanog mailing list archives

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

From: Mikael Abrahamsson <swmike () swm pp se>
Date: Fri, 11 Dec 2009 15:10:05 +0100 (CET)

On Fri, 11 Dec 2009, Simon Perreault wrote:

We have thus come to the conclusion that there shouldn't be a NAT-likefirewall in IPv6 home routers.

No, the conclusion is that for IPv6 there should be something that behavesmuch like current IPv4 NAT boxes, ie do stateful firewalling and only letinternal computers initiate conenctions outgoing, do protocol sniffing forallowing incoming new connections, and use some uPNP like method to dotemporary firewall openings.

This is the social contract of the current home gateway ecosystem, andintiially IPv6 devices need to replicate this.

Last I checked, this was the conclusion of multiple IPv6 relatedIETF working groups, check out "homegate" and "v6ops" WGs for instance.


--
Mikael Abrahamsson    email: swmike () swm pp se

Current thread:

Re: Consumer Grade - IPV6 Enabled Router Firewalls., (continued)
- - - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 10)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Chris Adams (Dec 10)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mark Newton (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Simon Perreault (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Valdis . Kletnieks (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Simon Perreault (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mark Newton (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Simon Perreault (Dec 12)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joe Greco (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Simon Perreault (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mikael Abrahamsson (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mark Newton (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Chris Adams (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joe Greco (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joel Jaeggli (Dec 13)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Michael Loftis (Dec 13)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. gordon b slater (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Chris Adams (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mohacsi Janos (Dec 14)

(Thread continues...)