Joe Greco wrote, on 2009-12-11 08:36: > Everyone knows a NAT gateway isn't really a firewall, except more or less > accidentally. There's no good way to provide a hardware firewall in an > average residential environment that is not a disaster waiting to happen. > > If you make it "smart" (i.e. UPnP) then it will of course autoconfigure > itself for an appropriate virus. > > However, your average home user often doesn't change their $FOOGEAR > password from the default of 1234, and it is reasonable to assume that > at some point, viruses will ship with some minimal knowledge of how to > "manually" fix their networking environment. Or better yet? Runs a > password cracker until it figures it out, since the admin interfaces > on these things are rarely hardened. > > If you actually /do/ a really good firewall, then of course users find > it "hard to use" and your company takes a support hit, maybe gets a > bad reputation, etc. > > There's no winning.
Agreed. We have thus come to the conclusion that there shouldn't be a NAT-like firewall in IPv6 home routers. Thanks, Simon -- DNS64 open-source --> http://ecdysis.viagenie.ca STUN/TURN server --> http://numb.viagenie.ca vCard 4.0 --> http://www.vcarddav.org