IPv6 FW primer?
-
I'm sort of getting my feet wet with IPv6. Unfortunately, it's not just longer addresses (and an annoying notation of these to boot) but also quite different semantics. No broadcast address, various ICMP types are mandatory, it seems that hosts can/do just use all sorts of addresses other than the fixed one assigned to them, etc.
So this makes setting up rules for a dual-stack IPv4/IPv6 environment a bit challenging for someone who's reasonably familiar with IPv4 networking, but a total noob with IPv6, and that in turn is likely also a massive number of security vulnerabilities waiting to happen all over the internet, because I would assume that as IPv6 becomes more prevalent, I'm not going to be the only guy in this boat.
So, thus: is there anywhere on the web a known good primer into IPv6 networking, especially with a particular slant towards best practices for firewall programming?
Also, in pfSense, what types of IPv6 addresses are/not covered when selecting things like "LAN address" or "LAN network", etc.? Only IPv4? Only statically assigned IPv6/IPv4? Does it include the various ad-hoc/autoconf addresses that seem to be in use all over anything that speaks IPv6?
I know this is a totally open-ended question, so in essence I'm just looking for recommendations of good starting points…
-
We have a bit of such a primer in the 2.1 book… cough.
:-)LAN address and LAN network will work with IPv4 and IPv6, depending on what you select for the rule type. It uses the subnet defined on the interface (or tracked if using DHCPv6-PD)
-
We have a bit of such a primer in the 2.1 book… cough.
:-)LAN address and LAN network will work with IPv4 and IPv6, depending on what you select for the rule type. It uses the subnet defined on the interface (or tracked if using DHCPv6-PD)
Thanks. I thought the book for 2.x isn't out yet? Amazon etc. still list the 1.x version…
-
Until the editing/formatting/publishing are complete it's only available to Gold Subscribers