by adrian_b
1755 days ago
I do not know what you mean by "multiple classes of numbers". A firewall must block everything by default. You then add exceptions for the protocols, hosts and ports that you want to allow. Regardless of whether you use IPv4 or IPv6, you have the same number of protocols, hosts and ports for which you must add rules. The only disadvantage of IPv6 is that you should be more careful when you copy and paste the host addresses into rules, because the IPv6 addresses are longer and it might be more difficult to notice typing errors in them. On the other hand, you no longer need to add NAT rules.
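
The default-deny policy with explicit exceptions described in the comment above, written out as an added nftables ruleset; it is not part of the thread and not written by either commenter. The allowed ports and the source prefixes 192.0.2.0/24 and 2001:db8::/32 (documentation ranges) are constructed placeholders.

```nftables
# Added example: constructed ruleset, not taken from the thread.
# The "inet" family matches both IPv4 and IPv6 in one table.
table inet filter {
    chain input {
        # Block everything by default; only the rules below allow traffic.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state invalid drop
        ct state established,related accept

        # Type 0 routing headers were deprecated by RFC 5095.
        rt type 0 drop

        # ICMPv6 errors and echo; without packet-too-big,
        # path MTU discovery over IPv6 fails.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem,
                      echo-request } accept

        # Neighbor discovery, accepted only from on-link senders
        # (hop limit 255 cannot survive a router).
        ip6 hoplimit 255 icmpv6 type { nd-router-advert,
                                       nd-neighbor-solicit,
                                       nd-neighbor-advert } accept

        # IPv4 counterpart of the ICMP rules.
        icmp type { destination-unreachable, time-exceeded,
                    parameter-problem, echo-request } accept

        # Exceptions per protocol, host and port (placeholder values).
        # A rule without an address applies to both families.
        tcp dport 443 accept

        # Host-restricted rules need one line per address family.
        ip saddr 192.0.2.0/24 tcp dport 22 accept
        ip6 saddr 2001:db8::/32 tcp dport 22 accept
    }
}
```

The file can be syntax-checked without loading it using `nft -c -f <file>`.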
does the firewall discard extension headers from the internets? what about relevant icmp?
public/private interface? ah right, can't tell from a look at the address...
nat-rules are very simple by comparison.
don't get me wrong; i am very happy with adopting an incompatible, new internet protocol for all the app- and smart-shiit.