Default security functions on an IPv6 CPE

Doug Barton dougb at
Thu May 5 20:46:12 CEST 2011

On 05/05/2011 07:43, Nick Hilliard wrote:
> On the other hand, if you enable the firewall, you will annoy a small
> percentage of power users.  However, there's a strong argument to be
> made to say that they are generally the sort of people who could log on
> to the router and make configuration changes anyway.


The whole "restore e2e" pipe dream needs to die. The naive user has been 
conditioned by a lifetime of NAT that there should be no access from the 
outside world allowed into his network without explicitly enabling it. 
The fact that I happen to agree with that perspective aside, if the 
firewall for IPv6 defaults to off that same naive user is going to view 
IPv6 as "scary," "dangerous," "less secure," or all of the above. As 
Nick said so elegantly above, anyone who cares can turn it off.



	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)

More information about the ipv6-ops mailing list