Mailinglist Archive: opensuse (1777 mails)
| < Previous | Next > |
Re: [opensuse] Moving to IPv6
- From: Adam Tauno Williams <awilliam@xxxxxxxxxxxxx>
- Date: Thu, 09 Sep 2010 06:06:48 -0400
- Message-id: <1284026808.16809.4.camel@xxxxxxxxxxxxxxx>
On Wed, 2010-09-08 at 21:53 -0400, James Knott wrote:
+1
With IPv6 you just block-all-incoming connections. Done.
That is actually quite a bit *simpler* than NAT + firewall on IPv4. NAT
is actually quite complicated and requires the "firewall" to maintain a
large amount of connection state information. Non-NAT is much less
resource intensive.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
Per Jessen wrote:
It doesn't do anything that a properly configured firewall can't do.Golly - NAT IS NOT A SECURITY MEASURE! How many times does that haveIt doesn't matter, it still does pretty well as such.
to be said to sink in?
Start by blocking everything and then allow only what you want.
+1
With IPv6 you just block-all-incoming connections. Done.
That is actually quite a bit *simpler* than NAT + firewall on IPv4. NAT
is actually quite complicated and requires the "firewall" to maintain a
large amount of connection state information. Non-NAT is much less
resource intensive.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |