[OpenWrt-Devel] OpenWRT IPv6 firewall
Steven Barth
cyrus at openwrt.org
Thu Jul 17 04:20:09 EDT 2014
Hi Dirk,
thanks for your help. I'll try to add some more documentation for the
IPv6 stuff in the near future.
In general the aim is to make stuff comply with RFC 7084 (successor of
6204) as closely as possible (with only 1 or 2 exceptions on purpose).
In general I'm not sure if anyone has really done a full interop test to
check for compliance with RFCs, though it would be nice if someone
volunteers. My work has been more on a best-effort basis for now. Though
some of the OpenWrt people work closely together with various ISPs so
there are some interoperability tests running and some ISPs even have
provided some information or patches to make OpenWrt work with their
glitches. That doesn't necessarily aid in RFC compliance though ;)
Regarding firewalling: I understand and support your point for
end-to-end connectivity though there are still quite a few people
(including myself) who have reservations about the security
implications. I don't think it makes sense to change the defaults for BB
at this point, that would be totally unexpected and hastily. And I don't
really agree with some of the opinions like "users will get used to
end-to-end IPv6" - in my experience users don't even know what IPv6 is
and does. Nevertheless we should have a discussion about this for CC
probably and I will try to get some more opinions also in the light of
IETF 90 being next week.
Cheers,
Steven
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list