[CentOS] Fedora change that will probably affect RHEL

Tue Jul 28 21:51:47 UTC 2015
Gordon Messmer <gordon.messmer at gmail.com>

On 07/28/2015 02:08 PM, Chris Murphy wrote:
> The whole idea of IPv6 is that, with proper authentication and 
> encryption, we can access any device anywhere. So firewalling 
> everything centrally would appear to break that. 

I think you're assuming that IPv6 carries with it a policy, when it is 
merely the mechanism.

In IPv6, everything should have a unique, routeable address. Whether you 
can reach an address will be subject to local policy in the future, just 
as it is now.  And just as you cannot currently reach a device in a 
Comcast/Xfinity residential network under IPv4, you can't under the 
default IPv6 rules either.  I would call that the principle of least 
surprise.

You can open inbound IPv6 traffic for specific hosts on the routers I've 
seen.