nanog mailing list archives
Re: NAT firewall for IPv6?
From: Octavio Alvarez <octalnanog () alvarezp org>
Date: Tue, 5 Jul 2016 12:47:36 -0700
On 07/01/2016 07:28 PM, Edgar Carver wrote:
Is there some kind of NAT-based IPv6 firewall I can setup on the router that can help block viruses?
You need layer-7 firewalls for this. NAT-based "firewalls" (pseudo-firewalls, really) are layer-4 only. Those will not help you block typical viruses, as people will usually get infected from connecting to a compromised Website, or from an e-mail attachments. And even more, if connections are encrypted, an L7 firewall will not be able to do anything (whether IPv4 or v6) unless... better not open a can of worms. They will just help you block *some* attack vectors, though: those that rely on starting connections to your hosts from the outside. My guess is that, with regard to e-mail attachments and compromised Websites, IPv4 hosts are still attacked more than IPv6 ones, so, even if you turn off IPv6 you will still get attacked through IPv4. Everything else has been already said by others: fixing the Palo Alto is still your best bet. Good luck!
Current thread:
- Re: NAT firewall for IPv6?, (continued)
- Re: NAT firewall for IPv6? Valdis . Kletnieks (Jul 05)
- Re: NAT firewall for IPv6? Bruce Curtis (Jul 05)
- RE: NAT firewall for IPv6? Naslund, Steve (Jul 05)
- Re: NAT firewall for IPv6? Brielle Bruns (Jul 05)
- Re: NAT firewall for IPv6? A . L . M . Buxey (Jul 05)
- Re: NAT firewall for IPv6? Spencer Ryan (Jul 05)
- Re: NAT firewall for IPv6? Valdis . Kletnieks (Jul 05)
- Re: NAT firewall for IPv6? Spencer Ryan (Jul 05)
- Re: NAT firewall for IPv6? A . L . M . Buxey (Jul 05)
- Re: NAT firewall for IPv6? Spencer Ryan (Jul 05)
- Re: NAT firewall for IPv6? Valdis . Kletnieks (Jul 05)
- Re: NAT firewall for IPv6? Tom Beecher (Jul 05)
- Re: NAT firewall for IPv6? Octavio Alvarez (Jul 05)
- Re: NAT firewall for IPv6? Baldur Norddahl (Jul 05)
- RE: NAT firewall for IPv6? Naslund, Steve (Jul 05)
- Re: NAT firewall for IPv6? Chase Christian (Jul 05)
- Re: NAT firewall for IPv6? Eric Kuhnke (Jul 05)
- Re: NAT firewall for IPv6? Baldur Norddahl (Jul 05)
- Re: NAT firewall for IPv6? Stephen Strowes (Jul 08)
- Re: NAT firewall for IPv6? Larry Sheldon (Jul 05)