Re: Simple Security - Layered Filtering should be in the document

[Gert Doering <gert@space.net>]

Hi,

On Wed, Jul 29, 2009 at 06:51:15PM +0200, james woodyatt wrote:
> I'm not even aware of any examples of actual current practice in IPv6  
> firewalls.  What do enterprise IPv6 firewalls do here in the DEFAULT  
> configuration?  Probably DENY ALL, I expect... 

Well, enterprise gear tends to have a knob to switch the default policy
for "no rule specifically matched this traffic, so what to do with it?"
from PERMIT to DENY.

> the assumption being  
> that enterprise gear is always configured by experts prior to  
> deployment.  That's not the case for residential simple security, so  
> we have to be more careful.

Right - enterprise gear tends to ship with "out of the box, it does
nothing at all" defaults, assuming that someone "in the know" will set it 
up the way they need it.

Residential is for people that want to plug it in and use it, and do
not understand anything about networking.

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations:  128645

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279