
Looking for comments




----- Original Message -----
> From: "Karl Auer" <kauer at biplane.com.au>
> To: nanog at nanog.org
> Sent: Thursday, 22 July, 2010 4:24:59 PM
> Subject: Re: Looking for comments
> On Wed, 2010-07-21 at 20:37 -0700, Owen DeLong wrote:
> > > I can throw a COTS d-link box with address-overloaded NAT on a
> > > connection and have reasonably effective network security and
> > > anonymity in IPv4. Achieving comparable results in the IPv6 portion
> > > of the dual stack on each of those hosts is complicated at best.
> > >
> > Actually, it isn't particularly hard at all... Turn on privacy
> > addressing on each of the hosts (if it isn't on by default) and then
> > put a linux firewall in front of them with a relatively simple
> > ip6tables configuration for outbound only.
> 
> All respect to someone that knows his stuff, and I do realise that the
> OP mentioned small-scale hardware, but in the wider world (and even the
> world of home users as seen from the carrier side) any solution that
> says "do <whatever> on every host" is just not workable. As for the
> Linux packet filter, that's an exercise for the advanced home user.

On Mac Airport Extreme it is "disallow outside to access internal machines", tick and it is done!
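
The "ip6tables configuration for outbound only" mentioned in the quoted text, written out as an added example (not from any poster in this thread): a shell function that prints a stateful ruleset in ip6tables-restore format. The function name `gen_rules` and the interface names are assumptions, and the Neighbor Discovery and DHCPv6 rules go beyond what the thread states.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an ip6tables-restore ruleset for a
# Linux router: LAN hosts may open connections outward, nothing unsolicited
# comes in. Interface names are caller-supplied assumptions.
gen_rules() {
    lan_if=$1; wan_if=$2
    # Reject empty or odd names so an argument cannot smuggle in extra rule text.
    for ifc in "$lan_if" "$wan_if"; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: '$ifc'" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Routed traffic: replies and related ICMPv6 errors (e.g. Packet Too Big) pass,
# new flows are accepted only in the LAN -> WAN direction.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
# Traffic to the router itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
EOF
    # Neighbor Discovery (RS 133, RA 134, NS 135, NA 136) must be accepted or IPv6
    # stops working on the link; hop limit 255 proves the sender is on-link.
    for t in 133 134 135 136; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # DHCPv6 replies answer a multicast request, so conntrack does not match them.
    echo "-A INPUT -i $wan_if -s fe80::/10 -p udp --dport 546 -j ACCEPT"
    echo "COMMIT"
}
# Dry run on the router (as root): gen_rules eth1 eth0 | ip6tables-restore --test
```

Unlike address-overloaded NAT, this leaves the inside hosts with globally routable addresses; the filtering comes entirely from the FORWARD chain's default DROP policy plus connection tracking.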