Mailinglist Archive: opensuse (1826 mails)

Re: [opensuse] Moving to IPv6
  • From: Anton Aylward <anton.aylward@xxxxxxxxxx>
  • Date: Thu, 09 Sep 2010 14:25:01 -0400
  • Message-id: <4C89267D.60703@xxxxxxxxxx>
Anders Johansson said the following on 09/09/2010 02:19 PM:
> On Thursday 09 September 2010, Adam Tauno Williams wrote:
>> With a firewall'd IPv6 network you just say - permit inbound :80. Done.
>> No need to port forward 80 on the external interface to A.B.C.D:80 on
>> some internal host. Or you can say permit inbound :80 just to
>> A.B.C.D.E.F. And if you want to access port 80 on two machines - no
>> problem. No need to have one be :80 and the other :81 as is required
>> with NAT (and makes for hackish URLs).
>
> Except you're not supposed to run external services on the internal LAN at
> all, because once a flaw has been discovered, your entire LAN with all its
> desktops and everything is wide open. A LAN should be locked down, completely,
> totally, utterly. Saying "with IPv6 you can run services there" is simply not
> an argument that wins any favours with me, and I hope any security conscious
> admin agrees

+1

--
"The wide world is all about you: you can fence
yourselves in, but you cannot for ever fence it out."
-- JRR Tolkien,