On Wed, Nov 28, 2012 at 1:59 AM, Ben Jencks <ben at bjencks.net> wrote:

> > So at the end of the day it comes down to what you think your customers
> > would want the extra aggravation in exchange for the extra security. If
> > you asked the customer "would you like your skype calls and video chats
> > to work better, or would you like a double layer of protection from some
> > attacks that aren't really today's main focus?", what would the answer
> > be? Can you give the customer that choice, or are you obliged to pick
> > one answer for everybody?
> Just about everyone seems to agree it should be configurable, but most
> (90%? 95%?) users won't ever change it from the default.

But we still haven't answered two key questions, which IMO are:

1. If you asked the customers, what would their answer be? "We don't know
what our customers want, so we'll just cover our asses and pick the safe
route" is not a particularly appealing way to make a decision.

2. Should the protection level be the same for all users?

- I think we all agree that if the ISP does not provide a CPE, then there
should be no firewall. Right?
- We probably (?) mostly agree that if the customer wants a static IP, then
they think they're professionals and they don't want a firewall.
- Is there anything else we can say based on what the user pays for /
orders / requests, or what traffic the user receives, or...?
