nanog mailing list archives

Re: Requirements for IPv6 Firewalls


From: Jeff Kell <jeff-kell () utc edu>
Date: Fri, 18 Apr 2014 22:04:35 -0400

On 4/18/2014 9:53 PM, Dobbins, Roland wrote:
> On Apr 19, 2014, at 1:20 AM, William Herrin <bill () herrin us> wrote:
>
>> There isn't much a firewall can do to break it.
>
> As someone who sees firewalls break the Internet all the time for those whose packets have the misfortune to traverse one, I must respectfully disagree.

If end-to-end connectivity is your idea of "the Internet", then a
firewall's primary purpose is to break the Internet.  It's how we
provide access control.

If a firewall blocks "legitimate, authorized" access then perhaps it
adds to breakage (PMTU, ICMP, other blocking) but otherwise it works.

To address the other argument in this thread on NAT / private
addressing, PCI requirement 1.3.8 pretty much requires RFC1918
addressing of the computers in scope...  has anyone hinted at PCI for IPv6?

Jeff
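The "PMTU, ICMP, other blocking" breakage Jeff mentions usually comes from a blanket ICMPv6 drop. Below is an added example of an nftables IPv6 ruleset, not from the thread or any participant, that keeps the default-deny posture while letting through the ICMPv6 types IPv6 cannot function without (Packet Too Big for path MTU discovery, Neighbor Discovery for address resolution). The table name, interface name and the permitted TCP ports are assumptions chosen for illustration.

```nftables
# Added example, not part of the original thread.
# Assumes a Linux host or router running nftables; "eth0" and the
# service ports are placeholders.
table ip6 filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept

        # WEAK SETTING (commented out): dropping all ICMPv6 silently
        # breaks PMTUD, so large IPv6 flows stall instead of shrinking.
        # meta l4proto ipv6-icmp drop

        # Error messages every IPv6 node must receive (RFC 4890, 4.3.1):
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # Diagnostics; rate-limit rather than block outright.
        icmpv6 type { echo-request, echo-reply } limit rate 10/second accept

        # Neighbor Discovery is link-local and always sent with hop limit 255;
        # requiring 255 rejects forged ND from off-link sources.
        icmpv6 type { nd-router-solicit, nd-router-advert,
                      nd-neighbor-solicit, nd-neighbor-advert } \
            ip6 hoplimit 255 accept

        # Authorized services on this host (placeholder ports).
        tcp dport { 22, 443 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept

        # Transit traffic also needs the PMTUD/error types; without them
        # hosts behind the firewall see the same stalls.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # Example of explicitly authorized inbound access (placeholder).
        oif "eth0" tcp dport 443 accept
    }
}
```

The distinction the ruleset draws is the one Jeff makes: blocking unauthorized connections is the firewall doing its job, while dropping Packet Too Big or Neighbor Discovery is collateral breakage that a tighter ICMPv6 allow-list avoids.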
