IPv6 Firewall on CPEs - Default on or off
Tore Anderson
tore.anderson at redpill-linpro.com
Tue Nov 27 15:08:35 CET 2012
* Mikael Abrahamsson
> Well, initially we disabled broadcast capability between customers which
> meant they couldn't see each other in "my network neighbourhood" (direct
> access still worked, but people generally didn't do that), and then we
> blocked "windows ports" later. A lot of deployments I know of still
> today block whatever ports windows uses in 135-139 and 445 for this reason.

So NAT44 or other kind of CPE with firewalling wasn't part of the solution.
Then why does it need to be for IPv6?

I would have much less issue with the ISP blocking known Windows
LAN-only service ports like the ones you're mentioning, plus L2
isolation of individual subscribers, than a "drop all inbound"
firewalling solution enabled by default.

--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com