Requirements for IPv6 Firewalls

Jeff Kell jeff-kell at
Sat Apr 19 03:29:40 UTC 2014

On 4/18/2014 10:10 PM, Dobbins, Roland wrote:
> On Apr 19, 2014, at 9:04 AM, Jeff Kell <jeff-kell at> wrote:
>> It's how we provide access control.
> Firewalls <> 'access control'.
> Firewalls are one (generally, very poor and grossly misused) way of providing access control.  They're often wedged in where stateless ACLs in hardware-based routers and/or layer-3 switches would do a much better job, such as in front of servers:

I call BS...  what do you expect closes the gap, host firewalls?  Most
3rd party crap has no firewalls and gets no specific rules for local
LANs or authorized users.

Firewalls are front-line defense, for the crap that is too generic /
misconfigured to protect itself.  And there are tons of these.

Anyone ever pentested you?  It's an enlightening experience.


More information about the NANOG mailing list