[AusNOG] Globally Routed IPv6 and Windows Firewall
Joseph Goldman
joe at apcs.com.au
Fri Jul 25 14:09:03 EST 2014
Hi Pete,
Thats re-assuring at least. Only just starting roll-out of IPv6
myself, all roll out has been done to managed devices thus far and I
hadn't entered the realm of Home CPE devices. If the major brands have
enough sense to include a basic set of filters then that is music to my
ears :).
Thanks,
Joe
On 25/07/14 14:06, Pete Mundy wrote:
> On 25/07/2014, at 3:47 PM, Greg Anderson <ganderson at raywhite.com> wrote:
>
>> I am not aware of any home router that out of the box has a firewall enabled for clients out of the box with IPv4. I generally expect that clients are (badly) protected because there is no NAT unless specified by an end user or UPNP. On many you can enable firewalls for the clients but they are usually for outbound traffic, or only inbound for a (usually single) DMZ type device that nearly all ports are forwarded to.
> I'm not sure if this is a type or what, but my experience is the exact opposite
>
> I am not aware of any home router that out of the box does NOT have firewall enabled for IPv5 (nor NAT for that matter; for without it the user would have no internet on their multiple-device network with only one public v4 IP).
>
> Furthermore, all IPv6 capable CPE devices that I've seen supplied by network providers here in NZ all have the IPv6 firewall enabled by default too. So you get real-world IP addresses on your workstations but they're protected at the border by default and you can't accept connections to them without loading a rule (ie no change from current situation with v4).
>
> Pete
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140725/a95eeb84/attachment.html>
More information about the AusNOG
mailing list