[clug] IPv6 Australia?
Peter Barker
pbarker at barker.dropbear.id.au
Fri Jul 25 00:37:24 GMT 2008
On Fri, 25 Jul 2008, Robert Edwards wrote:
> those devices have a very small CPU (and carbon foot-print) and I
> don't want to have to set up all sorts of firewall rules on them or
> on their behalf on my stateful firewall. They have absolutely no need
> to be visible from the rest of the Internet and rarely need to connect
This argument is bogus. You know the adage with firewalls - "that which
is not explicitly allowed is denied" (or dropped, should you be of that
persuasion ;).
If something should need to talk to those devices (or those devices should
need to talk to something on the outside) then your firewall should need
to be explicitly configured to do so, as you have done for your web server
under ipv4. Just because they *can* easily be addressed under ipv6
doesn't mean that they *should* be easily contacted.
I'm looking forward to ipv6, or something like it. I've only just set up
ekiga on my desktop here, and on my parent's machine down in Barham - it
lets them see (very small) moving pictures of their descendants... Thing
is - currently we need to use a "stun" server. I haven't found a free
STUN server in Australia yet, so we're going via the states - 300ms
latency. It's entirely possible I may be able to get around this with
suitable application of port-forwarding, packet rewriting, aadvark blood
and time. NOT having to do it, rather just allowing the desktops to be
addressed would be *far* preferable AFAICS. (aside: I could also go back
to playing with asterisk, I guess...)
> Bob Edwards.
Yours,
--
Peter Barker | Programmer,Sysadmin,Geek.
pbarker at barker.dropbear.id.au | You need a bigger hammer.
:: It's a hack! Expect underscores! - Nigel Williams
More information about the linux
mailing list