nanog mailing list archives

Re: Requirements for IPv6 Firewalls


From: Gary Buhrmaster <gary.buhrmaster () gmail com>
Date: Fri, 18 Apr 2014 18:02:41 +0000

On Fri, Apr 18, 2014 at 3:02 PM, William Herrin <bill () herrin us> wrote:
....
The main drivers behind the desire for NAT in IPv6 you've heard
before, but I'll repeat them for the sake of clarity:

5. Some industries (PCI compliance) *require* NAT as part of
    the auditable requirements.  Yes, that should get changed.
    But until it does, (at least some) enterprises are going to
    be between a rock and a hard place.

As Bill says, the place to get this fixed is not to tell the
enterprises they are doing it wrong, but to change the
requirements that auditors measure against.  I would cheer
the effort to engage those bodies to get them to understand
that NAT is not the way (for it is not).  This does not mean
ignore the problem.  It does not mean to tell people they
are doing it wrong.  It means active engagement with such
organizations.  And it is hard, policy type, work,

