[AusNOG] Globally Routed IPv6 and Windows Firewall

Mark ZZZ Smith markzzzsmith at yahoo.com.au
Tue Jul 29 18:42:39 EST 2014


>________________________________
> From: jake anderson <yahoo at vapourforge.com>
>To: ausnog at lists.ausnog.net 
>Sent: Friday, 25 July 2014 5:29 PM
>Subject: Re: [AusNOG] Globally Routed IPv6 and Windows Firewall
> 
>
>In the "Good news" category fritzbox did a great job with IPv6 both dual 
>stack and tunneled as I recall from my time with internode, I don't 
>recall exactly but I *believe* the firewall was on by default for IPv6, 
>and I needed to do something to allow access through it.
>

Actually, they didn't do a good job at all. They committed the most and a number of the worst sins I described in my presentation on IPv6 CPE back in 2011.

http://www.ausnog.net/sites/default/files/ausnog-05/presentations/ausnog-05-d02p02-mark-smith.pdf

What was worse was that they ignored all of my feedback, which was particularly galling when Internode (their future customer) were not only paying for my time while looking at their product, but also supporting and in effect sponsoring the introduction of their product to the Australian market.

>
>On 2014-07-25 4:51 PM, Jeremy Visser wrote:
>> On 25 Jul 2014, at 13:46, Craig Askings <craig at askings.com.au> wrote:
>>> Almost every home ipv6 cpe I’ve dealt with has some form of inbound filtering in place by default.
>> All the NetComm routers I’ve tested in the past two years apart from the latest firmware on the most recent one (NF4V) either had no IPv6 firewall enabled by default, or no IPv6 firewall capability whatsoever.
>>
>> One unit I have on my desk at work (NB16WV-02) always listens on port 80 on its IPv6 LAN address with no way to firewall it from the WAN.  I reported the exact same issue for another of their routers (NP805n) two years ago and they did exactly nothing about it.
>>
>> The NF4V by default is IPv6 firewalled, but has the world’s worst interface should you wish to modify the behaviour (including no ability to insert a rule — it is only capable of appending rules at the end).
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
>
>
>_______________________________________________
>AusNOG mailing list
>AusNOG at lists.ausnog.net
>http://lists.ausnog.net/mailman/listinfo/ausnog
>
>


More information about the AusNOG mailing list