Default security functions on an IPv6 CPE
swmike at swm.pp.se
Thu May 12 11:49:15 CEST 2011
On Thu, 12 May 2011, Ted Mittelstaedt wrote:
> I don't see why it would. Any e2e application written with any modicum
> of regard for the user is going to be done in such a way that the
> "receiving" user will be requested whether or not they want to receive
> incoming traffic from the other end. When they indicate yes then their
> client can issue a UPNPv6 request to the firewall.
How would the e2e application know if it's being contacted if it can't
receive traffic from the Internet in the first place? If you say "via the
server it connected to initially" then you have just defined a non-e2e
application (it's not standalone).
So with a FW on, you *need* UPNP, and in a hierichal network home
(multiple gateways getting prefixes through PD), these UPNP messages need
to traverse multiple potential gateways as well.
It's complicated, it's going to cause problems, but I don't really see how
it can be avoided.
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the ipv6-ops