netdev
[Top] [All Lists]

Re: Kernel 2.6 IPV6 Busted

To: netdev@xxxxxxxxxxx
Subject: Re: Kernel 2.6 IPV6 Busted
From: Quantum Scientific <Info@xxxxxxxxxxxxxxx>
Date: Tue, 1 Mar 2005 07:50:00 -0600
Helo: PowerMAC
In-reply-to: <200503011207.34029.vda@port.imtp.ilyichevsk.odessa.ua>
References: <200502270928.44402.Info@Quantum-Sci.com> <20050227133517.578884df.davem@davemloft.net> <200503011207.34029.vda@port.imtp.ilyichevsk.odessa.ua>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: KMail/1.7.1
On Tuesday 01 March 2005 4:07, Denis Vlasenko wrote:
> I don't think future Internet will be safe enough to open
> corporate networks. I definitely won't do it.
> NAT firewall in front of my net is an absolute requirement
> for me.

I agree that security is an absolute must.  It's irresponsible to contend 
otherwise.

But black-box NAT is just *simulating* what a well-made ip6tables firewall 
does much better.  There's no reason every node can't be secure, except the 
expertise of the script designer.  This is why I wish Shorewall would support 
IPV6.

Carl Cook


<Prev in Thread] Current Thread [Next in Thread>