IPv6 Firewall on CPEs - Default on or off

Tore Anderson tore.anderson at redpill-linpro.com
Wed Nov 28 14:02:09 CET 2012


* Lorenzo Colitti

> On Wed, Nov 28, 2012 at 8:49 PM, Tore Anderson
> <tore.anderson at redpill-linpro.com
> <mailto:tore.anderson at redpill-linpro.com>> wrote:
> 
>     > - I think we all agree that if the ISP does not provide a CPE, then
>     > there should be no firewall. Right?
> 
>     That would surprise me greatly. Why would a CPE-less user be any less
>     needing of a firewall than one who was provided with a CPE?
> 
> 
> Sorry - what I meant was:
> 
> I think we all agree that if the ISP does not provide a CPE, then the
> ISP is not under responsibility to firewall.
> 
> Right? Because that's how it works in IPv4.

That's true.

However, it is important to note that the reverse statement - "if the
ISP *does* provide a CPE, then the ISP *is* under responsibility to
firewall" - is not true in IPv4.

So I don't see why it should be true for IPv6, either.

I apologise if I made a straw man here, but I really don't see why a the
presence or absence of a CPE in itself has anything to do with the need
(or not need) for the users to be firewalled by default.

-- 
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/



More information about the ipv6-ops mailing list