IPv6 Firewall on CPEs - Default on or off

Tore Anderson tore.anderson at redpill-linpro.com
Wed Nov 28 13:27:13 CET 2012


* sthaug at nethelp.no

>> Why would a CPE-less user be any less needing of a firewall than
>> one who was provided with a CPE?
> 
> Maybe because that's how it works for lots of DSL users today?
> 
> (ObDisclaimer: My employer has been in the DSL business for around 10
> years. What's typically sold is a DSL connection which is simply 
> terminated in a bridge type "modem" - usually with one DSL port and 
> one Ethernet port. No firewall whatsoever.)

It was a rhethorical question.

I mean, there's no reason why you would start firewalling the inbound
IPv6 traffic to your customers by default, just because you happened to
provide them with a CPE?

It would be terribly inconsistent, in my opinion, to claim that "the
users need to have all inbound IPv6 traffic firewalled for their own
protection", but at the same time claim that CPE-less customers have no
need for such protection. Either they all do, or they all don't.

> My experience is that a product which includes firewalling is
> usually *sold* specifically as such.

Yep.

-- 
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/



More information about the ipv6-ops mailing list