nanog mailing list archives
Re: Looking for comments
From: Franck Martin <franck () genius com>
Date: Thu, 22 Jul 2010 16:58:41 +1200 (FJT)
----- Original Message -----
From: "Karl Auer" <kauer () biplane com au> To: nanog () nanog org Sent: Thursday, 22 July, 2010 4:24:59 PM Subject: Re: Looking for comments On Wed, 2010-07-21 at 20:37 -0700, Owen DeLong wrote:I can throw a COTS d-link box withaddress-overloaded NAT on a connection and have reasonably effective network security and anonymity in IPv4. Achieving comparable results in the IPv6 portion of the dual stack on each of those hosts is complicated at best.Actually, it isn't particularly hard at all... Turn on privacy addressing on each of the hosts (if it isn't on by default) and then put a linux firewall in front of them with a relatively simple ip6tables configuration for outbound only.All respect to someone that knows his stuff, and I do realise that the OP mentioned small-scale hardware, but in the wider world (and even the world of home users as seen from the carrier side) any solution that says "do <whatever> on every host" is just not workable. As for the Linux packet filter, that's an exercise for the advanced home user.
On Mac Airport Extreme it is "disallow outside to access internal machines", tick and it is done!
Current thread:
- Looking for comments Fred Baker (Jul 21)
- Re: Looking for comments William Herrin (Jul 21)
- Re: Looking for comments Owen DeLong (Jul 21)
- Re: Looking for comments Karl Auer (Jul 21)
- Re: Looking for comments Franck Martin (Jul 21)
- Re: Looking for comments Owen DeLong (Jul 21)
- Re: Looking for comments Franck Martin (Jul 21)
- Re: Looking for comments Owen DeLong (Jul 21)
- Re: Looking for comments William Herrin (Jul 21)
- Re: Looking for comments William Herrin (Jul 22)
- Re: Looking for comments Owen DeLong (Jul 22)
- Re: Looking for comments William Herrin (Jul 22)
- Re: Looking for comments Brian E Carpenter (Jul 22)
- Re: Looking for comments Nick Hilliard (Jul 22)
- Re: Looking for comments Mark Smith (Jul 22)
- Re: Looking for comments Franck Martin (Jul 22)
- Re: Looking for comments Nick Hilliard (Jul 23)