That is the purpose of a firewall. Speaking of which...how do exsiting ipv4 firewalls interact with IPV6? Most probably they don't. For instance, iptables deals only with IPv4, ip6tables with IPv6.
Yep.
Many of the ipv6 solutions I see use ipv4 some for of encapsulation to get across "ipv6-dead zones".
This is true, and can be 'interesting'.
So isn't that an open path into your network if your firewall is ipv4 only? Or are all firewalls easily upgraded to ipv6?... If you're connected to IPv6 and your firewall doesn't set up any rules for IPv6, then yes, you're wide open.
That is the safest assumption. The biggest concern here is that most organizations filter outgoing traffic to some extent, block some traffic, etc... In many cases an internal IPv6 host can end up with full Internet access via encapsulation as many times this isn't something IPv4 firewalls have been set up to deal with. Inbound firewall rules are usually deny-everything-except-what-I-expect, outbound rules are often much more confusing (of course, if your outbound rule is allow-everything then IPv6 access is a given anyway). -- openSUSE http://www.opensuse.org/en/ Linux for human beings who need to get things done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org