Default security functions on an IPv6 CPE

Guillaume.Leclanche at Guillaume.Leclanche at
Fri May 6 16:24:33 CEST 2011

> -----Original Message-----
> From: Mikael Abrahamsson [mailto:swmike at]
> Sent: Thursday, May 05, 2011 9:05 PM
> To: Leclanche Guillaume, SCS-NIT-DEV-NTW-CYC-CTB
> > ** A SP deliver the CPEs with a stateful IPv6 firewall providing the
> > same security features as an IPv4 NAPT, should it be turned ON or OFF
> by
> > default ?
> My suggestion is to deliver it with firewall on to disallow incoming
> connections to low (<1024) TCP/UDP ports, allow high ones. Most of the
> services people leave on by accident live on the old privileged unix
> ports
> under 1024.

Thank you all for your answers. The debate reflects almost exactly the arguments we have internally :)

I like this suggestion from Mike, I believe it sounds like a reasonable compromise.

What do you all think about the proposal ? (keep in mind we're talking here only about the default configuration !)


More information about the ipv6-ops mailing list