Consumer Grade - IPV6 Enabled Router Firewalls.
swmike at swm.pp.se
Fri Dec 11 08:10:05 CST 2009
On Fri, 11 Dec 2009, Simon Perreault wrote:
> We have thus come to the conclusion that there shouldn't be a NAT-like
> firewall in IPv6 home routers.
No, the conclusion is that for IPv6 there should be something that behaves
much like current IPv4 NAT boxes, ie do stateful firewalling and only let
internal computers initiate conenctions outgoing, do protocol sniffing for
allowing incoming new connections, and use some uPNP like method to do
temporary firewall openings.
This is the social contract of the current home gateway ecosystem, and
intiially IPv6 devices need to replicate this.
Last I checked, this was the conclusion of multiple IPv6 related
IETF working groups, check out "homegate" and "v6ops" WGs for instance.
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the NANOG