NAT firewall for IPv6?
Baldur Norddahl
baldur.norddahl at gmail.com
Tue Jul 5 19:22:15 UTC 2016
On 5 July 2016 at 17:40, Lee <ler762 at gmail.com> wrote:
>
> Right. But how long is it going to take to secure the Palo Alto firewall?
> If the central Cisco Catalyst really is an IPv6 router, doing a
> conf t
> ipv6 access-list denyIPv6
> deny ipv6 any any
>
> interface [whatever connects to the ISP]
> ipv6 traffic-filter denyIPv6 in
> ipv6 traffic-filter denyIPv6 out
> end
> would be a quick fix for the firewall not doing any ipv6 filtering.
>
Nope, that is not going to stop his IPv6 address from appearing, which I
will bet you good money is in the range of fe80::/64.
More information about the NANOG
mailing list