[Cialug] Slightly OT - IPv6 sillyness
L. V. Lammert
lvl at omnitec.net
Wed Jul 9 14:44:45 CDT 2014
On Wed, 9 Jul 2014, Jonathan C. Bailey wrote:
> You have ULA with IPv6 (roughly the same as RFC1918), but why? The
> whole point (well, one of them) of IPv6 is to get rid of NAT. Besides,
> NAT shouldn't be treated as a security measure.
>
Guess you've never had Wondoze boxes on your network <g>?
Seriouisly, what is with this attitude [of IPb6 folks]? The FIRST step of
ANY security policy is to block all inbound traffic, and using an offnet
address is the best way to do that.
Does IPv6 mean we are supposed to throw common sense out the window?
> We're running IPv6 in production (have our own /48 from ARIN) and have
> basic/sane firewall rules in place (ie. allow related inbound only). So
> far, it's worked well with very little exposure.
>
Well, would not a private subnet mean *no* inbound exposure?
Lee
More information about the Cialug
mailing list