Consumer Grade - IPV6 Enabled Router Firewalls.

Mikael Abrahamsson swmike at swm.pp.se
Fri Dec 11 14:10:05 UTC 2009


On Fri, 11 Dec 2009, Simon Perreault wrote:

> We have thus come to the conclusion that there shouldn't be a NAT-like 
> firewall in IPv6 home routers.

No, the conclusion is that for IPv6 there should be something that behaves 
much like current IPv4 NAT boxes, ie do stateful firewalling and only let 
internal computers initiate conenctions outgoing, do protocol sniffing for 
allowing incoming new connections, and use some uPNP like method to do 
temporary firewall openings.

This is the social contract of the current home gateway ecosystem, and 
intiially IPv6 devices need to replicate this.

Last I checked, this was the conclusion of multiple IPv6 related 
IETF working groups, check out "homegate" and "v6ops" WGs for instance.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se




More information about the NANOG mailing list