Search This Blog

Monday, December 27, 2010

firewall-wizards Digest, Vol 54, Issue 2

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: IPv6 (ArkanoiD)
2. Re: IPv6 (Roger Marquis)
3. Re: IPv6 (Devdas Bhagat)
4. Re: IPv6 (sai)
5. Re: IPv6 (Timothy Shea)


----------------------------------------------------------------------

Message: 1
Date: Sun, 26 Dec 2010 21:39:06 +0300
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] IPv6
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20101226183906.GA8046@eltex.net>
Content-Type: text/plain; charset=koi8-r

Well, i am still thinking on implementing ipv6 in openfwtk core components.
Should be relatively easy, but no one requested it so far.

On Sun, Dec 26, 2010 at 11:56:45AM -0500, Paul D. Robertson wrote:
> Is anyone doing anything interesting with v6 and firewalls? We're
> supposedly coming up on the year that v6 will break out, and most
> organizations I know still don't even route it.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> paul@compuwar.net which may have no basis whatsoever in fact."
> Moderator: Firewall-Wizards mailing list
> Art: http://www.PaulDRobertson.net/
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
> email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
>
>

------------------------------

Message: 2
Date: Sun, 26 Dec 2010 11:28:15 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
Subject: Re: [fw-wiz] IPv6
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <20101226192815.AC50A2B2126@mx5.roble.com>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

Paul D. Robertson wrote:
> Is anyone doing anything interesting with v6 and firewalls? We're
> supposedly coming up on the year that v6 will break out, and most
> organizations I know still don't even route it.

We're not allowing IPv6 through any firewalls (that I know of) until gear
that'll do NAT66, NAT64, and NAT46 becomes available.

Roger Marquis


------------------------------

Message: 3
Date: Mon, 27 Dec 2010 01:50:55 +0530
From: Devdas Bhagat <dvb@users.sourceforge.net>
Subject: Re: [fw-wiz] IPv6
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <20101226202055.GA26765@tin2.nixcartel.org>
Content-Type: text/plain; charset=us-ascii

On Sun, Dec 26, 2010 at 11:56:45AM -0500, Paul D. Robertson wrote:
> Is anyone doing anything interesting with v6 and firewalls? We're
> supposedly coming up on the year that v6 will break out, and most
> organizations I know still don't even route it.

I am looking to start announcing IPv6 early next month. At this point,
Linux and *BSD boxes support IPv6 in their firewall rulesets.

There really shouldn't be much additional complexity with IPv6 in
any good security architecture. It's just another routed protocol,
with longer addresses and IPSec built in.

At the beginning though, we are likely to see simple IPv6 routing
with no AH/ESP.

What will be infinitely more interesting will be the combinations
of IPv4 to IPv6 mapping/NATing/routing which will happen.

Devdas Bhagat


------------------------------

Message: 4
Date: Mon, 27 Dec 2010 07:25:52 +0500
From: sai <sonicsai@gmail.com>
Subject: Re: [fw-wiz] IPv6
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<AANLkTi=J3UEbNhzjcTovCnAAJpqTo4WUzHgtJvQeZ0C+@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Why would you want to NAT66?

On 12/27/10, Roger Marquis <marquis@roble.com> wrote:
> Paul D. Robertson wrote:
>> Is anyone doing anything interesting with v6 and firewalls? We're
>> supposedly coming up on the year that v6 will break out, and most
>> organizations I know still don't even route it.
>
> We're not allowing IPv6 through any firewalls (that I know of) until gear
> that'll do NAT66, NAT64, and NAT46 becomes available.
>
> Roger Marquis
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>


------------------------------

Message: 5
Date: Sun, 26 Dec 2010 22:23:13 -0600
From: Timothy Shea <tim@tshea.net>
Subject: Re: [fw-wiz] IPv6
To: Devdas Bhagat <dvb@users.sourceforge.net>, Firewall Wizards
Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Message-ID:
<AANLkTi=EWdnFavzcis1vHtwQvZo0k5YAQ=QaFQKVv3JP@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

There is much additional complexity in IPv6 regardless of security
architecture. And IPSec being "built in" is irreverent to the debate.

Outside of our government contracts - not even remotely thinking about
IPv6. Maybe in a few more years.

t.s

On Sun, Dec 26, 2010 at 2:20 PM, Devdas Bhagat <dvb@users.sourceforge.net>wrote:

> On Sun, Dec 26, 2010 at 11:56:45AM -0500, Paul D. Robertson wrote:
> > Is anyone doing anything interesting with v6 and firewalls? We're
> > supposedly coming up on the year that v6 will break out, and most
> > organizations I know still don't even route it.
>
> I am looking to start announcing IPv6 early next month. At this point,
> Linux and *BSD boxes support IPv6 in their firewall rulesets.
>
> There really shouldn't be much additional complexity with IPv6 in
> any good security architecture. It's just another routed protocol,
> with longer addresses and IPSec built in.
>
> At the beginning though, we are likely to see simple IPv6 routing
> with no AH/ESP.
>
> What will be infinitely more interesting will be the combinations
> of IPv4 to IPv6 mapping/NATing/routing which will happen.
>
> Devdas Bhagat
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>

--
Tim Shea, CISSP
612-384-6810
tim@tshea.net

http://www.linkedin.com/in/timothyshea
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20101226/173f6d1a/attachment-0001.html>

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 54, Issue 2
***********************************************

No comments: