IPv6 Firewall on CPEs - Default on or off
Tore Anderson
tore.anderson at redpill-linpro.com
Wed Nov 28 14:02:09 CET 2012
* Lorenzo Colitti
> On Wed, Nov 28, 2012 at 8:49 PM, Tore Anderson
> <tore.anderson at redpill-linpro.com
> <mailto:tore.anderson at redpill-linpro.com>> wrote:
>
> > - I think we all agree that if the ISP does not provide a CPE, then
> > there should be no firewall. Right?
>
> That would surprise me greatly. Why would a CPE-less user be any less
> needing of a firewall than one who was provided with a CPE?
>
>
> Sorry - what I meant was:
>
> I think we all agree that if the ISP does not provide a CPE, then the
> ISP is not under responsibility to firewall.
>
> Right? Because that's how it works in IPv4.
That's true.
However, it is important to note that the reverse statement - "if the
ISP *does* provide a CPE, then the ISP *is* under responsibility to
firewall" - is not true in IPv4.
So I don't see why it should be true for IPv6, either.
I apologise if I made a straw man here, but I really don't see why a the
presence or absence of a CPE in itself has anything to do with the need
(or not need) for the users to be firewalled by default.
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
More information about the ipv6-ops
mailing list