[CentOS] Fedora change that will probably affect RHEL
Gordon Messmer
gordon.messmer at gmail.com
Tue Jul 28 21:51:47 UTC 2015
On 07/28/2015 02:08 PM, Chris Murphy wrote:
> The whole idea of IPv6 is that, with proper authentication and
> encryption, we can access any device anywhere. So firewalling
> everything centrally would appear to break that.
I think you're assuming that IPv6 carries with it a policy, when it is
merely the mechanism.
In IPv6, everything should have a unique, routeable address. Whether you
can reach an address will be subject to local policy in the future, just
as it is now. And just as you cannot currently reach a device in a
Comcast/Xfinity residential network under IPv4, you can't under the
default IPv6 rules either. I would call that the principle of least
surprise.
You can open inbound IPv6 traffic for specific hosts on the routers I've
seen.
More information about the CentOS
mailing list