On Mar 23, 2014 1:11 PM, "Mark Tinka" <mark.ti...@seacom.mu> wrote: > > On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote: > > > I was at work last week and because I have IPv6 at both > > ends I could just log into the machines at home as > > easily as if I was there. When I'm stuck using a IPv4 > > only service on the road I have to jump through lots of > > hoops to reach the internal machines. > > I expect this to change little in the enterprise space. I > think use of ULA and NAT66 will be one of the things > enterprises will push for, because how can a printer have a > public IPv6 address that is reachable directly from the > Internet, despite the fact that there is a properly > configured firewall at the perimetre offering half-decent > protection?
That is what a firewall is for. Drop new inbound connections, allow related, and allow outbound. Then you allow specific IP/ports to have inbound traffic. You may also only allow outbound traffic for specific ports, or from your proxy.