Talk:Why you want IPv6

From LinuxReviews

I beg to differ with the article's argument that switching to IPv6 prevents NAT-style filtering. One can just as easily mimic the "lazy man's firewall" effect of NAT with a proper IPv6 firewall.

It's simply a matter of setting default deny on the router for both directions (RST-based deny instead of DROP-based deny, if you want to mimic a "lazy man's firewall" that isn't backed by a proper firewall), using stateful packet filtering, and allowing all outbound TCP SYN, ICMP, and UDP. At that point, you have the same general behaviour as an IPv4 NAT setup with no ports forwarded.

From there, every "pass inbound traffic with this destination IP and port" rule is functionally equivalent to forwarding a port.
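The setup described in the comment above, written as an nftables ruleset. This is an added example, not part of the original comment; the table name, the interface names `lan0` and `wan0`, the documentation-prefix address `2001:db8:1::10` and port 443 are assumptions, and only forwarded traffic is covered (the router's own input chain is not).

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names: lan0 = LAN side, wan0 = ISP side,
# 2001:db8:1::10 = a LAN host (documentation prefix, constructed).

define LAN_IF   = "lan0"
define WAN_IF   = "wan0"
define WEB_HOST = 2001:db8:1::10

table ip6 lazyfw {
    chain forward {
        # Default deny for both directions; the policy is only a fail-safe,
        # because the reject rules at the end answer everything unmatched.
        type filter hook forward priority 0; policy drop;

        # Stateful filtering: replies to flows opened from the LAN come back in.
        # ICMPv6 errors tied to those flows (e.g. packet-too-big) are "related".
        ct state established,related accept
        ct state invalid drop

        # Outbound: new TCP connections (pure SYN), UDP and ICMPv6.
        iifname $LAN_IF oifname $WAN_IF tcp flags & (fin|syn|rst|ack) == syn ct state new accept
        iifname $LAN_IF oifname $WAN_IF meta l4proto udp ct state new accept
        iifname $LAN_IF oifname $WAN_IF meta l4proto ipv6-icmp accept

        # The IPv6 counterpart of "forwarding a port": pass inbound traffic
        # with this destination address and port. No address rewriting happens.
        iifname $WAN_IF oifname $LAN_IF ip6 daddr $WEB_HOST tcp dport 443 ct state new accept

        # RST-based deny instead of DROP: unsolicited TCP gets a reset,
        # everything else gets the default ICMPv6 port-unreachable.
        meta l4proto tcp reject with tcp reset
        reject
    }
}
```

Load it with `nft -f` on the router; removing the `$WEB_HOST` rule leaves the equivalent of an IPv4 NAT with no ports forwarded.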
