----- Original Message -----
> From: "Karl Auer" <[email protected]>
> To: [email protected]
> Sent: Thursday, 22 July, 2010 4:24:59 PM
> Subject: Re: Looking for comments
> On Wed, 2010-07-21 at 20:37 -0700, Owen DeLong wrote:
> > > I can throw a COTS d-link box with address-overloaded NAT on a
> > > connection and have reasonably effective network security and
> > > anonymity in IPv4. Achieving comparable results in the IPv6
> > > portion of the dual stack on each of those hosts is complicated
> > > at best.
> > >
> > Actually, it isn't particularly hard at all... Turn on privacy
> > addressing on each of the hosts (if it isn't on by default) and
> > then put a linux firewall in front of them with a relatively
> > simple ip6tables configuration for outbound only.
>
> All respect to someone that knows his stuff, and I do realise that the
> OP mentioned small-scale hardware, but in the wider world (and even the
> world of home users as seen from the carrier side) any solution that
> says "do <whatever> on every host" is just not workable. As for the
> Linux packet filter, that's an exercise for the advanced home user.

On Mac Airport Extreme it is "disallow outside to access internal machines", tick and it is done!
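
The "ip6tables configuration for outbound only" mentioned in the quoted text could look like the following; this is an added example, not part of the original thread. The function name `outbound_only_rules` is hypothetical, the interface names are supplied by the caller, and the router is assumed to need only neighbor discovery (no DHCPv6) on its own interfaces.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an ip6tables-restore ruleset for
# a Linux router: LAN hosts may open connections, unsolicited inbound is dropped.

outbound_only_rules() {
    lan=$1
    wan=$2
    # Interface names end up inside rule lines, so refuse anything that could
    # smuggle extra tokens (spaces, options) into the ruleset.
    for ifname in "$lan" "$wan"; do
        case $ifname in
            '' | *[!A-Za-z0-9_.-]*)
                echo "bad interface name: '$ifname'" >&2
                return 1 ;;
        esac
    done
    if [ "$lan" = "$wan" ]; then
        echo "LAN and WAN interfaces must differ" >&2
        return 1
    fi

    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Neighbor discovery (RS 133, RA 134, NS 135, NA 136) must reach the router
    # itself or IPv6 stops working; genuine on-link packets have hop limit 255.
    for t in 133 134 135 136; do
        printf '%s\n' "-A INPUT -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # Replies and ICMPv6 errors tied to a tracked flow (e.g. Packet Too Big)
    # come back as ESTABLISHED/RELATED; only the LAN side may start new flows.
    printf '%s\n' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT" \
        'COMMIT'
}

# Stand-alone use: sh script.sh <lan-if> <wan-if>
if [ "$#" -eq 2 ]; then
    outbound_only_rules "$1" "$2"
fi
```

The output can be checked without loading it by piping it to `ip6tables-restore --test` as root.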

