[120166] in North American Network Operators' Group


Re: Consumer Grade - IPV6 Enabled Router Firewalls.

daemon@ATHENA.MIT.EDU (Simon Perreault)
Fri Dec 11 07:42:52 2009

Date: Fri, 11 Dec 2009 07:41:59 -0500
From: Simon Perreault <simon.perreault@viagenie.ca>
To: nanog@nanog.org
In-Reply-To: <5217BA53-349E-4EDF-BFFA-D3F5395F36CF@internode.com.au>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Mark Newton wrote, on 2009-12-11 03:09:
> You kinda do if you're using a stateful firewall with a "deny
> everything that shouldn't be accepted" policy.  UPnP (or something
> like it) would have to tell the firewall what should be accepted.

That's putting the firewall at the mercy of viruses, worms, etc. The firewall
shouldn't trust anything else to tell it what is good and bad traffic.

Simon
-- 
DNS64 open-source   --> http://ecdysis.viagenie.ca
STUN/TURN server    --> http://numb.viagenie.ca
vCard 4.0           --> http://www.vcarddav.org

