A challenge (was Re: Default security functions on an IPv6 CPE)

[Mikael Abrahamsson]

Sorry for jumping in in the middle of the thread, but I couldn't find the 
email I wanted to find to reply to.

There was a comment earlier about IKE (UDP/500) and IPSEC, and if the CPE 
has a default-deny-ingress stateful firewall that doesn't allow any new 
connections, would allowing IKE (UDP/500) and IPSEC (IP proto 50) by 
default make sense?

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se