Consumer Grade - IPV6 Enabled Router Firewalls.

Mohacsi Janos mohacsi at
Sat Dec 12 00:55:15 CST 2009

On Fri, 11 Dec 2009, Roger Marquis wrote:

> Joe Greco wrote:
>> Everyone knows a NAT gateway isn't really a firewall, except more or less
>> accidentally.  There's no good way to provide a hardware firewall in an
>> average residential environment that is not a disaster waiting to happen.
> Gotta love it.  A proven technology, successfully implemented on millions
> of residential firewalls "isn't really a firewall, but rather "a disaster
> waiting to happen".  Make you wonder what disaster and when exactly it's
> going to happen?
> Simon Perreault wrote:
>> We have thus come to the conclusion that there shouldn't be a
>> NAT-like firewall in IPv6 home routers.
> And that, in a nutshell, is why IPv6 is not going to become widely
> feasible any time soon.
> Whether or not there should be NAT in IPv6 is a purely rhetorical
> argument.  The markets have spoken, and they demand NAT.
> Is there a natophobe in the house who thinks there shouldn't be stateful
> inspection in IPv6?  If not then could you explain what overhead NAT
> requires that stateful inspection hasn't already taken care of?
> Far from the issue some try to make it out to be, NAT is really just a
> component of stateful inspection.  If you're going to implement
> statefulness there is no technical downside to implementing NAT as well.
> No downside, plenty of upsides, no brainer...

Nobodoy thinks that statefull firewall is not necessary for IPv6. If you 
want to particiapte the discussion then comment the IETF v6ops document:

Best Regards,
 		Janos Mohacsi

More information about the NANOG mailing list