Consumer Grade - IPV6 Enabled Router Firewalls.

Simon Perreault simon.perreault at
Fri Dec 11 07:41:01 CST 2009

Joe Greco wrote, on 2009-12-11 08:36:
> Everyone knows a NAT gateway isn't really a firewall, except more or less
> accidentally.  There's no good way to provide a hardware firewall in an
> average residential environment that is not a disaster waiting to happen.  
> If you make it "smart" (i.e. UPnP) then it will of course autoconfigure
> itself for an appropriate virus.
> However, your average home user often doesn't change their $FOOGEAR 
> password from the default of 1234, and it is reasonable to assume that 
> at some point, viruses will ship with some minimal knowledge of how to 
> "manually" fix their networking environment.  Or better yet?  Runs a
> password cracker until it figures it out, since the admin interfaces
> on these things are rarely hardened.
> If you actually /do/ a really good firewall, then of course users find
> it "hard to use" and your company takes a support hit, maybe gets a
> bad reputation, etc.
> There's no winning.


We have thus come to the conclusion that there shouldn't be a NAT-like firewall
in IPv6 home routers.

DNS64 open-source   -->
STUN/TURN server    -->
vCard 4.0           -->

More information about the NANOG mailing list