[fw-wiz] IPv6 support in firewalls

I suppose I should begin by answering "why the interest in IPv6?"
question. Simply put, we are running out of IPv4 addresses (yeah, I
know, the Sky is Falling, NAT will save us forever...). Based on current
consumption rates, some folks speculate that the remaining addresses
not yet distributed by IANA will be exhausted by 2009.

More importantly, the space is horribly fragmented and it's becoming
increasingly difficult for RIRs to acquire and allocate large numbers of
IP addresses in contiguous blocks.

Whether you believe IPv4 address exhaustion is imminent or not, I choose
to consider a related concern. I'm not convinced we can even meet the
modest (that's as polite as I can be) security baseline we achieve with
IPv4 security products with available IPv6 security products. What
little I've learned in the short time I've spent asking security
companies about IPv6 support isn't encouraging.

What do I want from you?

If you who have IPv6 in a production environment and are willing to
share some information about the firewall you're (presumably) using to
enforce security policy, please contact me offline? I've begun a study
of the state of security preparedness for IPv6 and would like to learn
what firewall you're using, how the feature set compares to IPv4, etc.

I'm mostly interested in commercial firewall software and appliances but
if you're using FreeBSD or other open source solution I'd be curious to
learn how large a user population you are supporting, hardware
considerations, etc.

If I get enough information, I'll post a summary message to the list.

fn:David Piscitello
adr;dom:;;3 Myrtle Bank Lane;Hilton Head;SC;29926

firewall-wizards mailing list

Relevant Pages

  • Re: ipv6 question
    ... different addresses some how bestows upon you some measure of security.. ... IPv6 also has a number of security advantages over IPv4, ... NOT mandate the USE of IPsec. ...
  • Re: [SLE] ipv6? -- IPv6 is actually a dream (and theres common FUD)
    ... I said IPv6 has _no_additional_ security issues over IPv4. ... Bryan blabbered around alot and made big noise on his solitary haystack, trying to be the biggest cock, but the result remains the same: he couldn't supply a URL because no such firewall exists. ...
  • Re: [opensuse] Practicalities of IPv6
    ... Can someone explain what security IPv6 offers over IPv4? ... The approach for security issues with IPv6 and IPv4 is the same. ... you have to be aware that *current* firewall rules aply only ...
  • Re: [fw-wiz] IPv6 support in firewalls
    ... combat against the IPv6 flaws, i am not surprised that china has converted ... The movement from IPv4 to IPv6 would not be seamless, ... I have read Marcus book on security, and it has been an immense help. ... know, the Sky is Falling, NAT will save us forever...). ...
  • Ip6tables [was: IP6tables and sendmail]
    ... I haven't yet though disposed of my IPv4 stack. ... What I had in mind was that enabling automatic loading of IPv6 by ... get only IPv4 firewall, but IPv6 is left wide open. ... and getting rid of IPv4 stack. ...