IPv6 Firewall on CPEs - Default on or off
Steinar H. Gunderson
sesse at google.com
Tue Dec 4 23:30:21 CET 2012
2012/12/4 Tore Anderson <tore at fud.no>:
> Outbound IPv4:
> 25/tcp filtered smtp
> 135/tcp filtered msrpc
> 136/tcp filtered profile
> 137/tcp filtered netbios-ns
> 138/tcp filtered netbios-dgm
> 139/tcp filtered netbios-ssn
> 445/tcp filtered microsoft-ds
> 646/tcp filtered ldp
> 1025/tcp filtered NFS-or-IIS
> 2745/tcp filtered unknown
> 3127/tcp filtered unknown
> 6129/tcp filtered unknown
A tangent: I can understand blocking 25 outbound, but 445 outbound has
always seemed a bit excessive to me. Surely anyone who are afraid of
virus attacks will block 445 inbound, and this blocks CIFS over the
Internet, which is a perfectly legitimate usage. In particular, it
means that those who cannot or will not run a VPN service do not have
a good alternative for people logging into their home directory from
home.
/* Steinar */
--
Software Engineer, Google Switzerland
More information about the ipv6-ops
mailing list