[ppml] ripe-55/presentations/bush-ipv6-transition.pdf

michael.dillon at bt.com michael.dillon at bt.com
Fri Oct 26 16:03:17 EDT 2007


> >Linux iptables has had IPv6 support since 2001 so I can't 
> believe it is 
> >so hard to find a v6 firewall.
> 
> You can download an IPv6 firewall for Windows XP from here:

> Earthlink produced IPv6 firmware for the  Linksys WRT54G you 
> can fetch from here:

Right, so not only has IPv6 firewall technology been around since 
at least 2001 (if not longer) it is now already making its way
into consumer products as well.

According to this talk
<http://www.guug.de/veranstaltungen/ecai6-2007/slides/2007-ECAI6-Status-
IPv6-Firewalling-PeterBieringer-Talk.pdf> commercial firewalls
supporting IPv6 are available.

IPCop is based on Linux
<http://www.ipcop.org/index.php?module=pnWikka&tag=IPCopScreenshots>

m0n0wall is based on FreeBSD
<http://m0n0.ch/wall/screenshots.php>

pfSense is also based on FreeBSD
<http://pfsense.com/index.php?id=26>

FWBuilder is a management tool that builds filter setups for several
different firewalls.
<http://www.fwbuilder.org/archives/cat_screenshots.html>

Checkpoint FW1 NGX R65 on SecurePlatform supports IPv6

FortiGate supports IPv6 in FortiOS 3.0 and up.

Juniper SSG (formerly Netscreen) supports IPv6 in ScreenOS 6.0 and up.

Cisco ASA (formerly PIX) supports IPv6 in version 7.0 and up.

I suspect that the people complaining about IPv6 support are partially
complaining because they have older hardware that the vendor does not
plan to upgrade to IPv6 support until they have all features implemented
in their newer products, and partially complaining because their vendor
has not implemented some feature which they happen to use.

Commercial firewall support may be lagging behind OS and router support,
but not by much. And if commercial vendors are not responsive, maybe you
should try pricing out an open source solution with a consultant. I
believe there is a gap here that startup firewall companies could fill
if they understand the enterprise market.

--Michael Dillon



More information about the ARIN-PPML mailing list