[BBLISA] IPv6 and Firewall traversal

Edward Ned Harvey bblisa4 at nedharvey.com
Wed Mar 30 09:54:12 EDT 2011


As I recall from previous discussion here and on other lists...

One of the barriers to widespread deployment of IPv6 is fear about security.
People have come to rely on their IPv4 NAT as a form of inbound packet
filter.  So moving forward, it seems only natural that (for people who agree
with this policy) a lot of IPv6 firewalls will need to be configured to
block all inbound IPv6 traffic and permit all outbound.  Unfortunately, this
defeats the main value-add of IPv6, which is peer-to-peer.

So logically, it seems natural, a lot of IPv6 firewalls will need to support
things like NAT-PMP, or IGD, so the internal devices can automatically
configure inbound ports to enable peer-to-peer, whilst maintaining a
reasonably secure perimeter firewall.  This allows you to block all
unsolicited inbound traffic, but allow clients to communicate with solicited
peers for firewall traversal.  (And at some point, it seems natural that
some authentication scheme will be necessary, so only specific applications
and/or specific machines will be able to use that functionality, etc.)

Now the question I have is ... Neither NAT-PMP nor IGD seems to support
IPv6.  So what up?
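
An added example, not part of the original post: a small Python model of the policy described above, with default-deny inbound, permit-all outbound with reply state, and time-limited inbound pinholes that only an authorized inside host may open to itself. It does not implement NAT-PMP or IGD; the class and method names, the allow-list standing in for the authentication scheme, the lifetime cap and the addresses are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
MAX_LIFETIME = 3600  # seconds; constructed cap on how long a pinhole may live
addr = ipaddress.IPv6Address

@dataclass
class PerimeterFirewall:
    inside: ipaddress.IPv6Network
    may_request: set                              # hosts allowed to open pinholes
    flows: set = field(default_factory=set)       # state from outbound traffic
    pinholes: dict = field(default_factory=dict)  # (host, proto, port) -> expiry

    def outbound(self, proto, src, sport, dst, dport):
        """Permit all outbound and remember the flow so replies can return."""
        self.flows.add((proto, addr(src), sport, addr(dst), dport))
        return "allow"

    def request_pinhole(self, requester, host, proto, port, lifetime, now):
        """Open an inbound port only for an authorized inside host, to itself."""
        req, target = addr(requester), addr(host)
        if req not in self.inside or req not in self.may_request:
            return False
        if req != target:   # no opening ports on someone else's machine
            return False
        self.pinholes[(target, proto, port)] = now + min(lifetime, MAX_LIFETIME)
        return True

    def inbound(self, proto, src, sport, dst, dport, now):
        if (proto, addr(dst), dport, addr(src), sport) in self.flows:
            return "allow: reply to outbound flow"
        expiry = self.pinholes.get((addr(dst), proto, dport))
        if expiry is not None and now < expiry:
            return "allow: pinhole"
        return "drop: unsolicited"

def demo():
    # Constructed addresses from the 2001:db8::/32 documentation prefix.
    fw = PerimeterFirewall(ipaddress.IPv6Network("2001:db8:1::/48"),
                           {addr("2001:db8:1::10")})
    peer, a, b = "2001:db8:ffff::7", "2001:db8:1::10", "2001:db8:1::20"
    out = [fw.inbound("udp", peer, 5000, a, 6881, now=0)]
    out.append(fw.request_pinhole(b, b, "udp", 6881, 600, now=0))  # not authorized
    out.append(fw.request_pinhole(a, b, "udp", 6881, 600, now=0))  # not its own address
    out.append(fw.request_pinhole(a, a, "udp", 6881, 600, now=0))
    out.append(fw.inbound("udp", peer, 5000, a, 6881, now=10))
    out.append(fw.inbound("udp", peer, 5000, a, 6881, now=601))    # lease expired
    fw.outbound("tcp", b, 40000, peer, 443)
    out.append(fw.inbound("tcp", peer, 443, b, 40000, now=5))
    return out
```

Calling `demo()` returns the verdict for each step in order, which shows the pinhole lapsing back to default-deny once its lifetime runs out.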
