Pointer for documentation on actually delivering IPv6

Pete Carah pete at altadena.net
Fri Dec 10 06:28:55 UTC 2010


On 12/10/2010 12:52 AM, Wil Schultz wrote:
> On Dec 9, 2010, at 9:39 PM, George Bonser wrote:
>
>>
>>>> Speaking of IPV6 security, is there any movement towards any open
>>> source
>>>> IPV6 firewall solutions for the consumer / small business?
>>>>
>>>> Almost all the info I've managed to find to date indicates no
>>> support, nor
>>>> any planned support in upcoming releases.
>>>>
>>>> Any info would be helpful.
>>> monowall and openwrt (both for embedded routers support v6 without
>>> drama.
>> I believe Shorewall does too, now.
>>
>>
>>
> FreeBSD w/ PF seems to work great as well. :-)
I'll second that; for 8-12 mbit with no vlans it even runs fine on a
Soekris 4801 (I have 2 4801's and a 5500 (which has a fairly complicated
internal vlan-based network and a 20meg external connection) doing
normal nat + HE tunnel to native v6 internally.  Since my boss got win7
going there is plenty of exercise for the v6 path.  I suspect the OP
wants a consumer-level gui though, which plain fbsd doesn't do, and
there are some tricky parts to v6 pf configuration to handle ra and ndp
(which I hope will get documented someday - 2 extra pass rules that you
wouldn't expect to need).  One of these days we will get native v6
coming in (hint, comcast :-)

-- Pete
> -wil




More information about the NANOG mailing list