IPv6 Firewall on CPEs - Default on or off

Bjørn Mork bjorn at mork.no
Tue Dec 4 16:49:27 CET 2012


Tore Anderson <tore at fud.no> writes:

> The ISP I have at home, Get, gave me a CPE. A Cisco EPC3010, for what
> it's worth. It contains no firewall, no NAT44, no "diode", no nothing.
> Not for IPv4 nor for IPv6.
>
> I'm betting that most ordinary users regard it simply as an "internet
> box". Just as the Swedish ETTH users regards their wall socket as the
> "internet plug". If they have any expectation that their "internet box"
> contains any firewall/NAT44/"diode" feature they're quite simply dead wrong.

This is getting a bit off topic...  But did you try running nmap both
from inside and the outside?  I don't know what they do nowadays, but
they did use to filter a few "Windows" port from the outside and in, and
at least port 25/tcp from the inside and out. I assume they still do.

Don't know anything about user expectations (only about mine, and I have
learned a long time ago that those do not match most users :-), but I do
know that there are other entities expecting the 25/tcp filter.  I would
be very surprised of that wasn't the same for IPv6.  


Bjørn


More information about the ipv6-ops mailing list