As I recall from previous discussion here and on other lists... One of the barriers to widespread deployment of IPv6 is fear about security. People have come to rely on their IPv4 NAT as a form of inbound packet filter.

So moving forward, it seems only natural that (for people who agree with this policy) a lot of IPv6 firewalls will need to be configured to block all inbound IPv6 traffic and permit all outbound. Unfortunately, this defeats the main value-add of IPv6, which is peer-to-peer.

So logically, it seems natural, a lot of IPv6 firewalls will need to support things like NAT-PMP, or IGD, so the internal devices can automatically configure inbound ports to enable peer-to-peer, whilst maintaining a reasonably secure perimeter firewall. This allows you to block all unsolicited inbound traffic, but allow clients to communicate with solicited peers for firewall traversal. (And at some point, it seems natural that some authentication scheme will be necessary, so only specific applications and/or specific machines will be able to use that functionality, etc.)

Now the question I have is ... Neither NAT-PMP nor IGD seems to support IPv6. So what up?
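The perimeter policy described in the post above (drop unsolicited inbound IPv6, permit all outbound, open per-host pinholes on request), sketched as an nftables ruleset. This is an added example, not part of the original post; the interface names `wan0` and `lan0`, the table and set names, and the idea of a local daemon filling the `pinholes` set are assumptions, and the address shown is from the 2001:db8::/32 documentation prefix.

```nftables
#!/usr/sbin/nft -f
# Constructed example: "wan0"/"lan0" and the names "perimeter"/"pinholes" are assumptions.

table ip6 perimeter {
    # Inbound pinholes: (inside address, protocol, port). Entries expire on
    # their own, so a mapping an application forgets to release does not stay open.
    set pinholes {
        type ipv6_addr . inet_proto . inet_service
        flags timeout
        timeout 1h
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to flows that inside hosts started. ICMPv6 errors tied to a
        # tracked flow (e.g. packet-too-big) match as "related" here.
        ct state established,related accept
        ct state invalid drop

        # Permit all outbound.
        iifname "lan0" oifname "wan0" accept

        # Solicited inbound only: new flows are accepted solely when an inside
        # host has an active pinhole for that address, protocol and port.
        iifname "wan0" oifname "lan0" ct state new \
            ip6 daddr . meta l4proto . th dport @pinholes accept

        # Everything else from outside falls through to policy drop.
    }
}

# A hypothetical port-mapping daemon would open a pinhole with, for instance:
#   nft add element ip6 perimeter pinholes '{ 2001:db8::10 . tcp . 51413 timeout 30m }'
```

Restricting who may add elements to the set is where the authentication question raised in the post would apply.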
BLU is a member of BostonUserGroups

We also thank MIT for the use of their facilities.