IPv6 Firewall on CPEs - Default on or off

sthaug at nethelp.no sthaug at nethelp.no
Wed Nov 28 13:02:02 CET 2012

> > 2. Should the protection level be the same for all users?
> > 
> > - I think we all agree that if the ISP does not provide a CPE, then
> > there should be no firewall. Right?
> That would surprise me greatly. Why would a CPE-less user be any less
> needing of a firewall than one who was provided with a CPE?

Maybe because that's how it works for lots of DSL users today?

(ObDisclaimer: My employer has been in the DSL business for around
10 years. What's typically sold is a DSL connection which is simply
terminated in a bridge type "modem" - usually with one DSL port and
one Ethernet port. No firewall whatsoever.)

> It might make some sense to argue that "professional" users need less
> protection by default, but the absence or presence of a CPE does not
> give any indication whatsoever of how clueful (or -less) the user is.

My experience is that a product which includes firewalling is usually
*sold* specifically as such.

Steinar Haug, AS 2116

More information about the ipv6-ops mailing list