IPv6 and Firewall traversal

Bill Bogstad bogstad-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org
Wed Mar 30 20:24:03 EDT 2011


On Wed, Mar 30, 2011 at 5:25 PM, Edward Ned Harvey <blu-Z8efaSeK1ezqlBn2x/YWAg at public.gmane.org> wrote:
>> From: discuss-bounces-mNDKBlG2WHs at public.gmane.org [mailto:discuss-bounces-mNDKBlG2WHs at public.gmane.org] On Behalf
>> Of Edward Ned Harvey
>>
>> So moving forward, it seems only natural that (for people who agree
>> with this policy) a lot of IPv6 firewalls will need to be configured to
>> block all inbound IPv6 traffic and permit all outbound.  Unfortunately,
> this
>> defeats the main value-add of IPv6, which is peer-to-peer.
>>
>> So logically, it seems natural, a lot of IPv6 firewalls will need to
> support
>> things like NAT-PMP, or IGD, so the internal devices can automatically
>
> First of all, I could name some legitimate uses for NAT even in IPv6, so
> what's with the religious anti-nat sentiment.  Relax everyone.
>
> Second of all, the question I asked has no relation to NAT.  Does anyone
> want to re-read the OP and reply about the firewall rules and allowing of
> inbound traffic on IPv6?

Please clarify.  Do you mean statically allowing inbound packets?  Or
'punching holes'
as I suggested in an earlier note at the request of internal systems?

Bill Bogstad





More information about the Discuss mailing list