[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6-PMP?



> In any case, the BEHAVE working group is chartered to deal with this
> issue, and would be a better place for the discussion.

Is it? Seems to me the IETF has historically shied away from firewall
configuration and recommendation issues.

Consider for instance the recent draft NIST IPv6 profiles
(http://www.antd.nist.gov/usgv6-v1-comments.html). They had to make up
their own "Network Protection Device" profile because there wasn't
anything from the IETF they could cite.

Given that reality that home gateways sitting on broadband links
_will_ have firewalls in them, and they _will_ be enabled by default,
maybe we should (even at this late date) try to rectify things for
IPv6.

As much as I am no fan of NAT, NAT is made even worse by the lack of
standards and predictability in what has been deployed.

Will we see the same with firewalls? This is an important question,
given that a premise of IPv6 is to restore end-to-end addressing. We
won't see that if firewalls effectively block all inbound connections
by default.

Thomas