Consumer Grade - IPV6 Enabled Router Firewalls.
owen at delong.com
Mon Dec 14 02:58:45 CST 2009
>> UPnP is a bad idea that (fortunately) doesn't apply to IPv6 anyway.
>> You don't need UPnP if you'r not doing NAT.
> wishful thinking.
> you're likely to still have a staeful firewall and in the consumer
> someone is likely to want to punch holes in it.
Yes, SI will still be needed. However, UPnP is, at it's heart a way
arbitrary unauthenticated applications the power to amend your security
policy to their will. Can you possibly explain any way in which such a
thing is at all superior to no firewall at all?
I would argue that a firewall that can be reconfigured by any applet a
clicks on (whether they know it or not) is actually less useful than no
firewall because it creates the illusion in the users mind that there
firewall protecting them.
More information about the NANOG