Re: Pointer for documentation on actually delivering IPv6

[Pete Carah <pete () altadena net>]

On 12/10/2010 12:52 AM, Wil Schultz wrote:
> On Dec 9, 2010, at 9:39 PM, George Bonser wrote:
>
> > > > Speaking of IPV6 security, is there any movement towards any open
> > > source
> > > > IPV6 firewall solutions for the consumer / small business?
> > > >
> > > > Almost all the info I've managed to find to date indicates no
> > > support, nor
> > > > any planned support in upcoming releases.
> > > >
> > > > Any info would be helpful.
> > > monowall and openwrt (both for embedded routers support v6 without
> > > drama.
> > I believe Shorewall does too, now.
> FreeBSD w/ PF seems to work great as well. :-)
I'll second that; for 8-12 mbit with no vlans it even runs fine on a
Soekris 4801 (I have 2 4801's and a 5500 (which has a fairly complicated
internal vlan-based network and a 20meg external connection) doing
normal nat + HE tunnel to native v6 internally.  Since my boss got win7
going there is plenty of exercise for the v6 path.  I suspect the OP
wants a consumer-level gui though, which plain fbsd doesn't do, and
there are some tricky parts to v6 pf configuration to handle ra and ndp
(which I hope will get documented someday - 2 extra pass rules that you
wouldn't expect to need).  One of these days we will get native v6
coming in (hint, comcast :-)

-- Pete
> -wil