nanog mailing list archives
Re: Consumer Grade - IPV6 Enabled Router Firewalls.
From: Owen DeLong <owen () delong com>
Date: Mon, 14 Dec 2009 01:08:36 -0800
I really am honestly sick of people thinking IPv6 is a panacea. It isn't. UPnP is rather a bit of a hack for sure, protocols should be better designed, but in this modern age of Peer To Peer you need a way for applications to ask the firewall to selectively open incoming ports.If the addresses of your gaming machines are no longer dynamic and their ports are no longer getting dynamically remapped, why do you need that instead of a way to tell the firewall that X machine is allowed to receive packets on Y ports from Z hostlist (where X,Z can be wildcarded, and, Y can be some form of list, range, or
list of ranges)?No, IPv6 is not a panacea. However, IPv6 does eliminate the need for rapidly changing addresses on hosts that need to accept inbound connections, which makes it possible to define policy for those hosts rather than just trusting unauthenticated arbitrary applications to amend your security policy at your border.
UPnP is the firewall equivalent of having US CBP admit any person who has someone in the US say that they should be admitted. While I do support some level of immigration reform and more open borders than
has been the trend of late, even I would not go that far. Owen
Current thread:
- Re: Consumer Grade - IPV6 Enabled Router Firewalls., (continued)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mark Newton (Dec 11)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Simon Perreault (Dec 12)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joe Greco (Dec 11)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Simon Perreault (Dec 11)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mikael Abrahamsson (Dec 11)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mark Newton (Dec 11)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Chris Adams (Dec 11)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joe Greco (Dec 11)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joel Jaeggli (Dec 13)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Michael Loftis (Dec 13)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. gordon b slater (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Chris Adams (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mohacsi Janos (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joel Jaeggli (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Steven Bellovin (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joakim Aronius (Dec 15)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mark Newton (Dec 15)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joakim Aronius (Dec 16)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 15)