nanog mailing list archives

Re: NAT firewall for IPv6?


From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Tue, 5 Jul 2016 21:22:15 +0200

On 5 July 2016 at 17:40, Lee <ler762 () gmail com> wrote:


> Right.  But how long is it going to take to secure the Palo Alto firewall?
> If the central Cisco Catalyst really is an IPv6 router, doing a
> conf t
> ipv6 access-list denyIPv6
>   deny ipv6 any any
>
> interface [whatever connects to the ISP]
>  ipv6 traffic-filter denyIPv6 in
>  ipv6 traffic-filter denyIPv6 out
> end
> would be a quick fix for the firewall not doing any ipv6 filtering.


Nope, that is not going to stop his IPv6 address from appearing, which I
will bet you good money is in the range of fe80::/64.

