nanog mailing list archives
Re: Requirements for IPv6 Firewalls
From: Jeff Kell <jeff-kell () utc edu>
Date: Fri, 18 Apr 2014 22:04:35 -0400
On 4/18/2014 9:53 PM, Dobbins, Roland wrote:
On Apr 19, 2014, at 1:20 AM, William Herrin <bill () herrin us> wrote:There isn't much a firewall can do to break it.As someone who sees firewalls break the Internet all the time for those whose packets have the misfortune to traverse one, I must respectfully disagree.
If end-to-end connectivity is your idea of "the Internet", then a firewall's primary purpose is to break the Internet. It's how we provide access control. If a firewall blocks "legitimate, authorized" access then perhaps it adds to breakage (PMTU, ICMP, other blocking) but otherwise it works. As to address the other argument in this threat on NAT / private addressing, PCI requirement 1.3.8 pretty much requires RFC1918 addressing of the computers in scope... has anyone hinted at PCI for IPv6? Jeff
Current thread:
- Re: Requirements for IPv6 Firewalls, (continued)
- Re: Requirements for IPv6 Firewalls Mike Hale (Apr 18)
- Re: Requirements for IPv6 Firewalls William Herrin (Apr 18)
- Re: Requirements for IPv6 Firewalls Simon Perreault (Apr 18)
- Re: Requirements for IPv6 Firewalls William Herrin (Apr 18)
- Re: Requirements for IPv6 Firewalls Simon Perreault (Apr 18)
- Re: Requirements for IPv6 Firewalls William Herrin (Apr 18)
- Re: Requirements for IPv6 Firewalls Simon Perreault (Apr 18)
- Re: Requirements for IPv6 Firewalls Jim Clausing (Apr 18)
- Re: Requirements for IPv6 Firewalls Eugeniu Patrascu (Apr 18)
- Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 18)
- Re: Requirements for IPv6 Firewalls Jeff Kell (Apr 18)
- Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 18)
- Re: Requirements for IPv6 Firewalls Jeff Kell (Apr 18)
- Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 18)
- Re: Requirements for IPv6 Firewalls George William Herbert (Apr 19)
- Re: Requirements for IPv6 Firewalls Ćukasz Bromirski (Apr 19)
- Re: Requirements for IPv6 Firewalls Jimmy Hess (Apr 19)
- Re: Requirements for IPv6 Firewalls George William Herbert (Apr 19)
- Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 19)
- Re: Requirements for IPv6 Firewalls Eugeniu Patrascu (Apr 19)
- Re: Requirements for IPv6 Firewalls Dobbins, Roland (Apr 20)