[clug] IPv6 Australia?

Peter Barker pbarker at barker.dropbear.id.au
Fri Jul 25 00:37:24 GMT 2008

On Fri, 25 Jul 2008, Robert Edwards wrote:

> those devices have a very small CPU (and carbon foot-print) and I
> don't want to have to set up all sorts of firewall rules on them or
> on their behalf on my stateful firewall. They have absolutely no need
> to be visible from the rest of the Internet and rarely need to connect

This argument is bogus.  You know the adage with firewalls - "that which 
is not explicitly allowed is denied" (or dropped, should you be of that 
persuasion ;).

If something should need to talk to those devices (or those devices should 
need to talk to something on the outside) then your firewall should need 
to be explicitly configured to do so, as you have done for your web server 
under ipv4.  Just because they *can* easily be addressed under ipv6 
doesn't mean that they *should* be easily contacted.

I'm looking forward to ipv6, or something like it.  I've only just set up 
ekiga on my desktop here, and on my parent's machine down in Barham - it 
lets them see (very small) moving pictures of their descendants... Thing 
is - currently we need to use a "stun" server.  I haven't found a free
STUN server in Australia yet, so we're going via the states - 300ms 
latency.  It's entirely possible I may be able to get around this with 
suitable application of port-forwarding, packet rewriting, aadvark blood 
and time.  NOT having to do it, rather just allowing the desktops to be 
addressed would be *far* preferable AFAICS.  (aside: I could also go back 
to playing with asterisk, I guess...)

> Bob Edwards.

Peter Barker                          |   Programmer,Sysadmin,Geek.
pbarker at barker.dropbear.id.au	      |   You need a bigger hammer.
:: It's a hack! Expect underscores! - Nigel Williams

More information about the linux mailing list