IPFilter status

  IPFilter is very close to finishing IPv6 support in Solaris 10. I am intending to putback the IPv6 code to onnv (the in-development Solaris 11) in a couple of weeks. After 4 weeks' soak time, a Solaris 10 update will see IPv6 packet filtering working. :)

  In addition to the functionality available in IPv4, IPFilter can distinguish traffic by matching extension headers, which do not exist in IPv4. NAT, the main usage in IPv4, is not available any more.
NAT is mainly a solution to the IP address shortage, and there is no such requirement in IPv6, so we simply skip the feature.

  IP pools have been made IPv6-enabled, from the userland command through to the kernel module. Pools of IPv4, IPv6, or mixed IPv4 and IPv6 addresses are allowed, which makes management easy.

  I am wondering if it makes much sense to make IPFilter SNMP-manageable, allowing easy centralized management. I am also interested in the idea of a GUI for IPFilter. Please comment. :)

Comments:

SNMP managed firewall... That sounds like a Particularly Bad Idea (tm)

Posted by patrick on May 23, 2005 at 09:49 PM EDT #

NAT support for IPv6 is still required for some applications such as security or network isolation. It's now even proposed to "... be requirement..." by the US DOD to implement isolated networks in the battlefield. Well, if you are not interested in implementing NAT support for IPv6 then please make sure there is room for a later implementation; sooner (likely) or later you may get a customer request for this feature...

Posted by Felix Schulte on May 24, 2005 at 09:25 AM EDT #

About

yukun
