[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: raw thoughts on v6 firewalls
> Behcet Sarikaya wrote:
> Site-local addresses would provide the same functionality
> and therefore there is no need to introduce firewalls into
> v6. Is there anything wrong with the above argument?
Something very wrong, IMHO: you would have to introduce IPv6 NAT if
these hosts have to talk to the outside world.
> Now I understand that it is somewhat orthogonal. Using
> site local addresses the intranet can avoid seeing company
> emails on Google's search engine, but how to avoid having
> ftp sites to be not accessible from the Internet? Maybe
> this is also possible using site local addresses.
Site-local addresses make sense for hosts that *never* have to access
the Internet, neither egress nor ingress. If a host with a site-local
address needs to communicate with the outside, I think that everyone
agrees that it is much preferable to give it a public address as well as
the site-local one rather than using the site-local only and IPv6 NAT.
Michel.