Mailinglist Archive: opensuse (1777 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: Adam Tauno Williams <awilliam@xxxxxxxxxxxxx>
  • Date: Thu, 09 Sep 2010 06:06:48 -0400
  • Message-id: <1284026808.16809.4.camel@xxxxxxxxxxxxxxx>
On Wed, 2010-09-08 at 21:53 -0400, James Knott wrote:
Per Jessen wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have
to be said to sink in?
It doesn't matter, it still does pretty well as such.
It doesn't do anything that a properly configured firewall can't do.
Start by blocking everything and then allow only what you want.

+1

With IPv6 you just block-all-incoming connections. Done.

That is actually quite a bit *simpler* than NAT + firewall on IPv4. NAT
is actually quite complicated and requires the "firewall" to maintain a
large amount of connection state information. Non-NAT is much less
resource intensive.



--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread