[External] Re: IPv6 uptake

Mon Feb 19 17:45:54 UTC 2024

OpenWrt, from which much is derived, is default deny on ipv4 and ipv6.

The ipv6 firewall on most cable devices prior to the XB6 is very, very limited.

On Mon, Feb 19, 2024 at 12:44 PM William Herrin <bill at herrin.us> wrote:
>
> On Mon, Feb 19, 2024 at 9:23 AM Hunter Fuller <hf0002+nanog at uah.edu> wrote:
> > On Mon, Feb 19, 2024 at 11:16 AM William Herrin <bill at herrin.us> wrote:
> > > > There isn't really an advantage to using v4 NAT.
> > > I disagree with that one. Limiting discussion to the original security
> > > context (rather than the wider world of how useful IPv6 is without
> > > IPv4), IPv6 is typically delivered to "most people" without border
> > > security, while IPv4 is delivered with a stateful NAT firewall.
> >
> > Maybe this is the disconnect. Who delivers v6 without a firewall?
> >
> > I've done a lot of T-Mobile and Comcast business connections lately,
> > and those certainly both provide a firewall on v4 and v6. I'll admit
> > I'm not currently well-versed in other providers (except ones that
> > don't provide v6 at all...).
>
> Hi Hunter,
>
> You may be right. I haven't ordered SOHO service in a long time and in
> fairness you were talking about Joe's Taco Shop not Joe's home
> network.
>
> I -suspect- that the wifi router provided for Joe's home network
> doesn't do much more than plain routing on the IPv6 side but I do not
> know that for a truth. I ordered my wave and comcast services without
> a router and I didn't keep the centurylink router long enough to test
> whether it did any filtering on IPv6. I noticed no knobs for IPv6
> filtering or port forwarding, so I suspect it did not.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin
> bill at herrin.us
> https://bill.herrin.us/

-- 
40 years of net history, a couple songs:
https://www.youtube.com/watch?v=D9RGX6QFm5E
Dave Täht CSO, LibreQos