[OpenWrt-Devel] OpenWRT IPv6 firewall

Steven Barth cyrus at openwrt.org
Thu Jul 17 04:20:09 EDT 2014


Hi Dirk,

thanks for your help. I'll try to add some more documentation for the 
IPv6 stuff in the near future.

In general the aim is to make stuff comply with RFC 7084 (successor of 
6204) as closely as possible (with only 1 or 2 exceptions on purpose). 
In general I'm not sure if anyone has really done a full interop test to 
check for compliance with RFCs, though it would be nice if someone 
volunteers. My work has been more on a best-effort basis for now. Though 
some of the OpenWrt people work closely together with various ISPs so 
there are some interoperability tests running and some ISPs even have 
provided some information or patches to make OpenWrt work with their 
glitches. That doesn't necessarily aid in RFC compliance though ;)

Regarding firewalling: I understand and support your point for 
end-to-end connectivity though there are still quite a few people 
(including myself) who have reservations about the security 
implications. I don't think it makes sense to change the defaults for BB 
at this point, that would be totally unexpected and hastily. And I don't 
really agree with some of the opinions like "users will get used to 
end-to-end IPv6" - in my experience users don't even know what IPv6 is 
and does. Nevertheless we should have a discussion about this for CC 
probably and I will try to get some more opinions also in the light of 
IETF 90 being next week.


Cheers,

Steven
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list