Default security functions on an IPv6 CPE

Thomas Schäfer thomas at
Thu May 5 16:34:50 CEST 2011

Am 05.05.2011 16:21, schrieb Guillaume.Leclanche at
> Hello,
> As a service provider, we deliver CPEs to our broadband customers as
> part of the service. We're currently enabling v6 on our network, and
> before going into production we have an open question regarding
> security that we're not able to answer internally, so let's check the
> community :
> ** A SP deliver the CPEs with a stateful IPv6 firewall providing the
> same security features as an IPv4 NAPT, should it be turned ON or OFF
> by default ?

It means only traffic (answers) asked by the user is allowed.

I vote for ON.

> (and of course it's user configurable afterwards, that's not the
> question)

The advanced user will find the way.




There’s no place like ::1

Thomas Schäfer (Systemverwaltung)
Centrum für Informations- und Sprachverarbeitung
Schellingstraße 10 Raum J407A
80799 München ☎ +49/89/2180-9706  ℻ +49/89/2180-9701

More information about the ipv6-ops mailing list