Default security functions on an IPv6 CPE

Thomas Schäfer thomas at cis.uni-muenchen.de
Thu May 5 16:34:50 CEST 2011


Am 05.05.2011 16:21, schrieb Guillaume.Leclanche at swisscom.com:
> Hello,
>
> As a service provider, we deliver CPEs to our broadband customers as
> part of the service. We're currently enabling v6 on our network, and
> before going into production we have an open question regarding
> security that we're not able to answer internally, so let's check the
> community :
>
> ** A SP deliver the CPEs with a stateful IPv6 firewall providing the
> same security features as an IPv4 NAPT, should it be turned ON or OFF
> by default ?

It means only traffic (answers) asked by the user is allowed.

I vote for ON.



>
> (and of course it's user configurable afterwards, that's not the
> question)

The advanced user will find the way.


Regards,

Thomas


-- 

There’s no place like ::1

Thomas Schäfer (Systemverwaltung)
Ludwig-Maximilians-Universität
Centrum für Informations- und Sprachverarbeitung
Schellingstraße 10 Raum J407A
80799 München ☎ +49/89/2180-9706  ℻ +49/89/2180-9701



More information about the ipv6-ops mailing list