UPnP/IPv6 support in home routers?

Holger Zuleger Holger.Zuleger at hznet.de
Mon Dec 11 18:11:15 CET 2017

>> That said, I think the IPv6 firewalls need better home connectivity
>> support as well. I once put in a ticket to Fortinet to ask if there
>> could be made an ACL object that tracked the prefix mask delivered via
>> DHCP6_PD, such that we could write policies such as
>> 	  allow remote_ipv6_address ${PREFIX1}::1f5d:50 22
> Which is about the only thing that makes sense.
But only for (somehow) fixed interface identifier (IID).
With RFC7217 based IIDs this one will change together with the prefix
(which is, in fact not useful for desktop devices).

>> But that couldn't be impressed on the first tiers of support
>> what-so-ever.  That totally confused them to no end. 
> ... but that is the standard vendor response.  "Huh, what?".  :-(
> AVM gets this somewhat right for directly connected hosts, but for 
No. The AVM mechanism is based on fixed IIDs as well *and* requires that
the link local interface identifier is the same as the one used for the
global address.

> DHCPv6-PD delegated prefixes, ACL support was "close! all!  always!" 
> for the longest time, and only recently they made it work better...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4160 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20171211/112f779d/attachment-0001.bin 

More information about the ipv6-ops mailing list