IPv6 Firewall on CPEs - Default on or off
Eric Vyncke (evyncke)
evyncke at cisco.com
Wed Dec 5 20:05:02 CET 2012
OTOH, AFAIK Microsoft does not run netbios anymore (so no netbios over IPv6 hence no need to block 137-139)
-éric
> -----Original Message-----
> From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de [mailto:ipv6-ops-
> bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Steinar H. Gunderson
> Sent: mardi 4 décembre 2012 14:30
> To: Tore Anderson
> Cc: Martin Millnert; Benedikt Stockebrand; ipv6-ops at lists.cluenet.de; Bjørn
> Mork
> Subject: Re: IPv6 Firewall on CPEs - Default on or off
>
> 2012/12/4 Tore Anderson <tore at fud.no>:
> > Outbound IPv4:
> > 25/tcp filtered smtp
> > 135/tcp filtered msrpc
> > 136/tcp filtered profile
> > 137/tcp filtered netbios-ns
> > 138/tcp filtered netbios-dgm
> > 139/tcp filtered netbios-ssn
> > 445/tcp filtered microsoft-ds
> > 646/tcp filtered ldp
> > 1025/tcp filtered NFS-or-IIS
> > 2745/tcp filtered unknown
> > 3127/tcp filtered unknown
> > 6129/tcp filtered unknown
>
> A tangent: I can understand blocking 25 outbound, but 445 outbound has always
> seemed a bit excessive to me. Surely anyone who are afraid of virus attacks
> will block 445 inbound, and this blocks CIFS over the Internet, which is a
> perfectly legitimate usage. In particular, it means that those who cannot or
> will not run a VPN service do not have a good alternative for people logging
> into their home directory from home.
>
> /* Steinar */
> --
> Software Engineer, Google Switzerland
More information about the ipv6-ops
mailing list