[fw-wiz] IPv6 support in firewalls

I suppose I should begin by answering "why the interest in IPv6?"
question. Simply put, we are running out of IPv4 addresses (yeah, I
know, the Sky is Falling, NAT will save us forever...). Based on current
consumption rates, some folks speculate that the remaining addresses
not yet distributed by IANA will be exhausted by 2009.

More importantly, the space is horribly fragmented and it's becoming
increasingly difficult for RIRs to acquire and allocate large numbers of
IP addresses in contiguous blocks.

Whether you believe IPv4 address exhaustion is imminent or not, I choose
to consider a related concern. I'm not convinced we can even meet the
modest (that's as polite as I can be) security baseline we achieve with
IPv4 security products with available IPv6 security products. What
little I've learned in the short time I've spent asking security
companies about IPv6 support isn't encouraging.

What do I want from you?

If you who have IPv6 in a production environment and are willing to
share some information about the firewall you're (presumably) using to
enforce security policy, please contact me offline? I've begun a study
of the state of security preparedness for IPv6 and would like to learn
what firewall you're using, how the feature set compares to IPv4, etc.

I'm mostly interested in commercial firewall software and appliances but
if you're using FreeBSD or other open source solution I'd be curious to
learn how large a user population you are supporting, hardware
considerations, etc.

If I get enough information, I'll post a summary message to the list.

begin:vcard
fn:David Piscitello
n:Piscitello;David
adr;dom:;;3 Myrtle Bank Lane;Hilton Head;SC;29926
email;internet:dave@xxxxxxxxxxx
x-mozilla-html:FALSE
url:http://hhi.corecom.com/weblogindex.htm
version:2.1
end:vcard

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: ipv6 question
    ... different addresses some how bestows upon you some measure of security.. ... IPv6 also has a number of security advantages over IPv4, ... NOT mandate the USE of IPsec. ...
    (Fedora)
  • Re: [SLE] ipv6? -- IPv6 is actually a dream (and theres common FUD)
    ... I said IPv6 has _no_additional_ security issues over IPv4. ... Bryan blabbered around alot and made big noise on his solitary haystack, trying to be the biggest cock, but the result remains the same: he couldn't supply a URL because no such firewall exists. ...
    (SuSE)
  • Re: [fw-wiz] IPv6 support in firewalls
    ... combat against the IPv6 flaws, i am not surprised that china has converted ... The movement from IPv4 to IPv6 would not be seamless, ... I have read Marcus book on security, and it has been an immense help. ... know, the Sky is Falling, NAT will save us forever...). ...
    (Firewall-Wizards)
  • Ip6tables [was: IP6tables and sendmail]
    ... I haven't yet though disposed of my IPv4 stack. ... What I had in mind was that enabling automatic loading of IPv6 by ... get only IPv4 firewall, but IPv6 is left wide open. ... and getting rid of IPv4 stack. ...
    (Fedora)
  • Re: [opensuse] SuseFirewall IPv4 vs IPv6
    ... You seem to have forgotten the original problem. ... When I run nmap for IPv4, it shows only ssh and imaps open, ... But with IPv6, several ports are open that shouldn't be. ... running it from outside the firewall) and check the logs. ...
    (SuSE)