IPv6 Firewall on CPEs - Default on or off
Benedikt Stockebrand
me at benedikt-stockebrand.de
Tue Dec 4 11:51:54 CET 2012
Hi everybody,
sorry for the delay, things were rather busy the last couple days.
Just to sum this up:
Philipp Kern <phil at philkern.de> writes:
> [Assorted whining about being stuck behind a mandatory firewall deleted]
>> So, your reason to have a configurable diode style setup disabled by
>> default at some other place is because at your place they didn't
>> make it configurable at all?
>>
>> Sorry, but this is ridiculous.
>
> You think? Can you tell me how to make it configurable given that we do not
> have any relationship with the end users at all? I'd be happy to set something
> up that lets users whitelist their IPs, but as it is, only very few are able to
> provide routed subnets to their students. The others use one large broadcast
> domain where all users are stuffed into. The source IPv6 might then be a
> privacy address, or some sort of static IPv6 or a SLAAC one. So it's highly
> unclear to me how to whitelist them.
Let me spell it out once again: Ragnar has a setup as a consumer ISP
where customers *do* have an option to turn a diode-style filter
configuration on or off. His question was what to set the
configuration to by default.
That has *nothing* to do with your issues. Still you claim your
entirely unrelated problems to be of relevance to Ragnar's question.
If you really want to continue discussing *your* issues, please do so
in a separate thread.
> [More whining deleted]
>> CGN at carrier grade bandwidths is an entirely different league in
>> pretty much any respect.
>
> True. It's not that 1G/1G CGN would be hard with Linux hardware of any sort.
I'll quote you on that one. You realize what the "CG" in CGN stands for?
Benedikt
--
Business Grade IPv6
Consulting, Training, Projects
Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/
More information about the ipv6-ops
mailing list