dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8
share rss forum feed

stevey_frac

join:2009-12-09
Cambridge, ON
Reviews:
·TekSavvy Cable

1 recommendation

reply to elwoodblues

Re: Status of ipv6 with Canadian ISP

Just because you have a publicly routable IP address, doesn't mean that you have to disable your residential gateway's firewall. You can still get NAT levels of protection with public IPs.

You can still deny incoming connections by default, you can still set up exceptions lists, and do all those wonderful things. You just now have a unique IP in the entire world, instead of only unique within your household. No biggy.


InvalidError

join:2008-02-03
kudos:5

1 recommendation

said by stevey_frac:

You can still get NAT levels of protection with public IPs.

People who believe NAT is magically more secure simply misunderstand why it is so. Stateful firewalling is an intrinsic prerequisite to NAT: can't do NAT without stateful connection tracking to determine which packets belong to which LAN client.

As you said, stateful firewall on IPv6 is every bit as secure as NAT on IPv4: incoming connections get denied by default.