Default security functions on an IPv6 CPE

S.P.Zeidler spz at
Sun Jun 5 11:11:15 CEST 2011


Thus wrote Gavin McCullagh (gavin.mccullagh at

> On Tue, 31 May 2011, Gavin McCullagh wrote:
> > On Tue, 31 May 2011, Tim Chown wrote:
> > 
> > > Yes, the point is that the privacy address is used for connections the
> > > host initiates.  That's been true for any implementation I've seen.
> > 
> > I wonder if at some point a sensible (desktop) firewall policy might only
> > allow incoming connections to the persistent addresses.
> Perhaps I might soften that question to wondering will it be feasible to
> have services only listen by default on the permanent address :-)

That does seem like a good idea indeed :-)

I think network services should support specifying the addresses
they will listen on; and in my opinion requiring explicit config
to listen on all available addresses would be a good idea.

spz at (S.P.Zeidler)

More information about the ipv6-ops mailing list