Slashdot Mirror


Obsession With Firewalls Could Hinder IPv6

DosIgriegas writes "The obsession with firewalls in IPv6 may result in some of the quirks of IPv4 reappearing. Ars Technica has an article looking at the topic in depth, exploring the technical challenges of securing the new protocol, and looking at the re-emergence of old problems in new guises. 'Ironically, what's required to make IPv6 work through a stateful firewall is almost identical to what's required to make IPv4 work through NAT. This means the IETF's efforts to keep IPv6 NAT-free in order to make protocols do their job without messy workarounds are defeated by the notion that everything should be firewalled.' If we decide to stick with firewalls in IPv6, we'll see many of the same hard-to-diagnose network problems that we have with IPv4."

2 of 278 comments

  1. I like my firewall, thanks by Carrion+Creeper · · Score: 5, Insightful

    I would say I personally am not obsessed with firewalls per se, I'm obsessed with privacy and security.

    The firmware on a firewall also has a much smaller amount of code to debug in order to make sure that it will function properly all the time. I would never assume that my Windows XP machine was properly patched with enough confidence to plug it straight into a cable modem all the time.

    I am also not interested in having each computer in my home being identified and tracked individually, and I don't pirate software or download music. As such, even if the need for NAT is removed, I would still be highly interested in purchasing a device to block incoming connections and mask my IP address (maybe by swapping with other devices within my home on certain connections).

  2. Re: Privacy Concerns? by FreezerJam · · Score: 5, Insightful

    Not to mention your average consumer ISP, which, like a cable company, would love to start charging "per outlet".

    Much as a NAT-less world might be easier to build and debug, I think I'm happier if my network connection is like my electric connection.

    One connection delivers: all electric energy / all bits
    I can go up to a max of: 200 amps / 5 Mbps
    I might still be billed: by energy used / by gigabytes sent
    But I don't pay extra: for more outlets / for more devices
    I cover all the costs: of the electric panel / of the router

    Handing someone else the information to break the above model is not something I want to do.