IPv6 Firewall on CPEs - Default on or off

Anfinsen, Ragnar Ragnar.Anfinsen at altibox.no
Fri Nov 30 13:35:23 CET 2012


On 30.11.12 11:50, "Guillaume.Leclanche at swisscom.com"
<Guillaume.Leclanche at swisscom.com> wrote:


>We finally agreed with our CPE vendors to implement a 3-level firewall
>for IPv6:
>- off => no firewall at all -- except sanity filters from RFC
>- low => a list of 60 well-known ports is blocked in incoming direction
>(things like ssh, telnet, remote desktop, vnc, etc.). Some are blocked
>both ways (mdns, dhcpv6, ipp, NetBIOS, SQL, etc.). Everything else is
>open both ways.
>- high => All incoming new connections are blocked, firewall is stateful
>(simulated IPv4 NAT44 security)

Interesting. I will certainly consider this.

/Ragnar
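
The three levels described in the quoted message, modelled as a small decision function. This is an added example, not part of the original thread or any vendor's implementation. Assumptions: the port numbers are the usual ones for the services named (the full 60-port list is not given), "low" is treated as stateless, and all class and field names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed, partial port lists: only the services named in the post, mapped
# to their usual ports (assumption). "SQL" is taken as MS SQL and MySQL here.
BLOCK_IN = {22, 23, 3389, 5900}                                # ssh, telnet, RDP, VNC
BLOCK_BOTH = {5353, 546, 547, 631, 137, 138, 139, 1433, 3306}  # mdns, dhcpv6, ipp, NetBIOS, SQL

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (WAN -> LAN) or "out" (LAN -> WAN)
    proto: str       # "tcp" or "udp"
    lan: str         # address of the host behind the CPE
    lan_port: int
    wan: str         # address of the remote host
    wan_port: int

@dataclass
class CpeFirewall:
    level: str                                # "off", "low" or "high"
    flows: set = field(default_factory=set)   # state table, used only by "high"

    def allow(self, p: Packet) -> bool:
        if self.level == "off":
            return True  # the RFC sanity filters the post mentions are not modelled
        # Service port is the destination port: LAN side inbound, WAN side outbound.
        dport = p.lan_port if p.direction == "in" else p.wan_port
        if self.level == "low":
            if dport in BLOCK_BOTH:
                return False
            return not (p.direction == "in" and dport in BLOCK_IN)
        if self.level == "high":
            key = (p.proto, p.lan, p.lan_port, p.wan, p.wan_port)
            if p.direction == "out":
                self.flows.add(key)    # outbound traffic creates state
                return True
            return key in self.flows   # inbound passes only as a reply to a known flow
        raise ValueError(f"unknown level: {self.level}")
```

The difference a subscriber notices is on unlisted ports: "low" lets an unsolicited inbound connection to, say, port 8080 through, while "high" drops it unless the LAN host opened that flow first.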


