IPv6 without an IPv6 firewall on Sky
Posted: Mon Feb 06, 2017 4:01 am
I don't see an issue allowing complete access to everything on IPv6 internally if there all hardened OS client/server devices within the LAN and netbios is on its own IPv4 subnet myself. And segmentation on ipv6 without netbios is done across that IPv4 subnet to not allow a IPv6 route to that ipv4 subnet with the Sky routers when dropping the IPv6 firewall.
On my own setup only Linux servers are completely accessible with all protocols and ports open, but there hardened to the outside world or for testing purposes for security only. And I don't mind dropping the firewall on the perimeter, when I thought about it and reconfigured where necessary after testing for a short period. Netbios is run on my Linux machine, but it's isolated by OpenVPN across a segmented subnet.
And that I did think about last night and this morning during testing...., for security for I wished pinging the IPv6 servers across the internet, which is now done, verified and tested. The segmented subnet was done long ago.
And of course I have an IPv6 firewall with the AirPort Extreme as a security measure, even though everything is hardend or doesn't support IPv6..
On my own setup only Linux servers are completely accessible with all protocols and ports open, but there hardened to the outside world or for testing purposes for security only. And I don't mind dropping the firewall on the perimeter, when I thought about it and reconfigured where necessary after testing for a short period. Netbios is run on my Linux machine, but it's isolated by OpenVPN across a segmented subnet.
And that I did think about last night and this morning during testing...., for security for I wished pinging the IPv6 servers across the internet, which is now done, verified and tested. The segmented subnet was done long ago.
And of course I have an IPv6 firewall with the AirPort Extreme as a security measure, even though everything is hardend or doesn't support IPv6..