nanog mailing list archives
Re: Pointer for documentation on actually delivering IPv6
From: Pete Carah <pete () altadena net>
Date: Fri, 10 Dec 2010 01:28:55 -0500
On 12/10/2010 12:52 AM, Wil Schultz wrote:
On Dec 9, 2010, at 9:39 PM, George Bonser wrote:Speaking of IPV6 security, is there any movement towards any opensourceIPV6 firewall solutions for the consumer / small business? Almost all the info I've managed to find to date indicates nosupport, norany planned support in upcoming releases. Any info would be helpful.monowall and openwrt (both for embedded routers support v6 without drama.I believe Shorewall does too, now.FreeBSD w/ PF seems to work great as well. :-)
I'll second that; for 8-12 mbit with no vlans it even runs fine on a Soekris 4801 (I have 2 4801's and a 5500 (which has a fairly complicated internal vlan-based network and a 20meg external connection) doing normal nat + HE tunnel to native v6 internally. Since my boss got win7 going there is plenty of exercise for the v6 path. I suspect the OP wants a consumer-level gui though, which plain fbsd doesn't do, and there are some tricky parts to v6 pf configuration to handle ra and ndp (which I hope will get documented someday - 2 extra pass rules that you wouldn't expect to need). One of these days we will get native v6 coming in (hint, comcast :-) -- Pete
-wil
Current thread:
- Re: Pointer for documentation on actually delivering IPv6, (continued)
- Re: Pointer for documentation on actually delivering IPv6 Joe Greco (Dec 06)
- Re: Pointer for documentation on actually delivering IPv6 Truman Boyes (Dec 06)
- Re: Pointer for documentation on actually delivering IPv6 david raistrick (Dec 07)
- Re: Pointer for documentation on actually delivering IPv6 Chuck Anderson (Dec 07)
- Re: Pointer for documentation on actually delivering IPv6 Owen DeLong (Dec 07)
- Re: Pointer for documentation on actually delivering IPv6 Joel Jaeggli (Dec 07)
- Re: Pointer for documentation on actually delivering IPv6 Joel Jaeggli (Dec 12)
- Re: Pointer for documentation on actually delivering IPv6 Joel Jaeggli (Dec 09)
- RE: Pointer for documentation on actually delivering IPv6 George Bonser (Dec 09)
- Re: Pointer for documentation on actually delivering IPv6 Wil Schultz (Dec 09)
- Re: Pointer for documentation on actually delivering IPv6 Pete Carah (Dec 09)