Do we still need Gi Firewall for 3G/UMTS/HSPA network ?

TJ trejrco at
Thu Apr 16 08:58:07 CDT 2009

That's why you use Teredo - it defeats that sort of simple statefulness, and
((SSH'ed from one laptop (WinXP, using MS's Teredo over double-NATed v4
connection) to another laptop (Ubuntu, EVDO, + Miredo) ... although it was
pretty slow, it fit my needs at the time.))

For a time, maybe still today?, 6to4 would work as well.  That is, the
carrier may have been filtering unsolicited TCP/UDP ... but not Protocol41.
(Off the top of my head, I forget which providers fell into which side of
the ItWorked | ItStillWorks camp)


>-----Original Message-----
>From: Charles Wyble [mailto:charles at]
>Sent: Thursday, April 09, 2009 6:09 PM
>To: Skywing
>Cc: NANOG list
>Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
>Yep verizon does indeed filter all unsolicated inbound traffic to the EVDO
>network. It can be a blessing or a curse. :)
>Skywing wrote:
>> Verizon filters unsolicited inbound traffic for their EVDO customers in
>> - S
>> -----Original Message-----
>> From: Roland Dobbins <rdobbins at>
>> Sent: Thursday, April 09, 2009 09:32
>> To: NANOG list <nanog at>
>> Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
>> On Apr 9, 2009, at 11:48 PM, Lee, Steven (NSG Malaysia) wrote:
>>> Please share your thought and thanks in advance :)
>> No, IMHO.  Most broadband operators don't insert firewalls inline in
>> front of their subscribers, and wireless broadband is no different.
>> The infrastructure itself must be protected via iACLs, the various
>> vendor-specific control-plane protection mechanisms, and so forth, but
>> inserting additional state in the middle of everything doesn't buy
>> anything, and introduces additional constraints and concerns.
>> ----------------------------------------------------------------------
>> - Roland Dobbins <rdobbins at> // +852.9133.2844 mobile
>>    Our dreams are still big; it's just the future that got small.
>>                    -- Jason Scott

More information about the NANOG mailing list