On 07/28/2015 02:08 PM, Chris Murphy wrote:
> The whole idea of IPv6 is that, with proper authentication and encryption, we can access any device anywhere. So firewalling everything centrally would appear to break that.
I think you're assuming that IPv6 carries with it a policy, when it is merely the mechanism.
In IPv6, everything should have a unique, routeable address. Whether you can reach an address will be subject to local policy in the future, just as it is now. And just as you cannot currently reach a device in a Comcast/Xfinity residential network under IPv4, you can't under the default IPv6 rules either. I would call that the principle of least surprise.
You can open inbound IPv6 traffic for specific hosts on the routers I've seen.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos