IPv6 Firewall on CPEs - Default on or off
Bjørn Mork
bjorn at mork.no
Tue Dec 4 16:49:27 CET 2012
Tore Anderson <tore at fud.no> writes:
> The ISP I have at home, Get, gave me a CPE. A Cisco EPC3010, for what
> it's worth. It contains no firewall, no NAT44, no "diode", no nothing.
> Not for IPv4 nor for IPv6.
>
> I'm betting that most ordinary users regard it simply as an "internet
> box". Just as the Swedish ETTH users regards their wall socket as the
> "internet plug". If they have any expectation that their "internet box"
> contains any firewall/NAT44/"diode" feature they're quite simply dead wrong.
This is getting a bit off topic... But did you try running nmap both
from inside and the outside? I don't know what they do nowadays, but
they did use to filter a few "Windows" port from the outside and in, and
at least port 25/tcp from the inside and out. I assume they still do.
Don't know anything about user expectations (only about mine, and I have
learned a long time ago that those do not match most users :-), but I do
know that there are other entities expecting the 25/tcp filter. I would
be very surprised of that wasn't the same for IPv6.
Bjørn
More information about the ipv6-ops
mailing list