Default security functions on an IPv6 CPE
spz at serpens.de
Sun Jun 5 11:11:15 CEST 2011
Thus wrote Gavin McCullagh (gavin.mccullagh at gcd.ie):
> On Tue, 31 May 2011, Gavin McCullagh wrote:
> > On Tue, 31 May 2011, Tim Chown wrote:
> > > Yes, the point is that the privacy address is used for connections the
> > > host initiates. That's been true for any implementation I've seen.
> > I wonder if at some point a sensible (desktop) firewall policy might only
> > allow incoming connections to the persistent addresses.
> Perhaps I might soften that question to wondering will it be feasible to
> have services only listen by default on the permanent address :-)
That does seem like a good idea indeed :-)
I think network services should support specifying the addresses
they will listen on; and in my opinion requiring explicit config
to listen on all available addresses would be a good idea.
spz at serpens.de (S.P.Zeidler)
More information about the ipv6-ops