Mailinglist Archive: opensuse (1777 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Sat, 11 Sep 2010 14:07:44 +0200
  • Message-id: <4C8B7110.1060004@xxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2010-09-09 12:08, Adam Tauno Williams wrote:
On Thu, 2010-09-09 at 09:05 +0200, Per Jessen wrote:
James Knott wrote:
Per Jessen wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that
have
to be said to sink in?
It doesn't matter, it still does pretty well as such.
It doesn't do anything that a properly configured firewall can't do.
Start by blocking everything and then allow only what you want.
Sure, but with NAT in his xDSL router, Joe Bloggs doesn't have to do
anything at all.

And what does he have to do with IPv6? Nothing at all! AND all his apps
[and games!] just work. The default firewall on every device I've seen
is block-all-incoming-connections. So nothing changes as far as the
[mythical] joe-user is concerned.


The default in my ISP's suplied adsl router is NO firewalll at all, and NAT.

In fact, to activate the firewall one has to go over hidden config settings -
by hidden I mean:

· export config to a file on a computer.
· edit xml config with an editor.
· activate firewall in that config file.
· upload changed config back to the router.

Forget about the internal web page for configuration, nor telnet; until you do
that, the firewall
config is not accessible.

- --
Cheers,
Carlos E. R.
(from 11.2 x86_64 "Emerald" at Elessar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkyLcRAACgkQU92UU+smfQWElQCgk5TctT3wxhM66MXiW/FHH4c9
p58An0+nQdpCxfcUPrLSU/lOGrGuc4Ex
=jqCh
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups