On 2010-09-12 01:36, Adam Tauno Williams wrote:
On Sat, 2010-09-11 at 14:56 +0200, Carlos E. R. wrote:
The issue is the reverse. With IPv6 I just unblock SSH (TCP/22). Done. Sooo much simpler. HA! That is another can of worms, because I currently have a few gadgets with hardcoded login/password pairs. Yes, of the kind that you can find listed in manuals and FAQs sites in Internet. What, have my TV set with hard disk open to the internet at large, just because I wanted to open ssh to my main computer? Ouch! :-(
BOGUS!
Why would you're TV be exposed because you opened your workstation's / server's TCP/22 port. Firewalls can be as granular as you want/need.
They can, but they will not. The firewall on the ipv6 router, whenever my ISP makes the change (not before) will be as granular as they want - which means, not granular. Their choice.
Worse, some of them do not support ssh, only telnet. Yes, today, current hardware. And probably, hardware that does not support ipv6, either. Crap hardware? Sure. But it is what I can buy. I don't know of any other I can buy that is better in that respect. I would need a really good entry firewall if I were to have ipv6 adsl.
You'd need a standard / normal firewall. Every firewall can open / close a specific address / port.
Not mine. My point is that my current hardware is not prepared for an ipv6 network, and I'm not going to buy new hardware just because you say IPV6 is better. I don't need IPV6. Others may. When my provider makes the switch, and only then, forcing customers to change, will I change. I'm not going to expend money in something I do not need. And so long as providers do not _need_ to change, they will not change, either. -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))