LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

LCA: IP address exhaustion and the end of the open net

LCA: IP address exhaustion and the end of the open net

Posted Jan 26, 2011 18:38 UTC (Wed) by foom (subscriber, #14868)
In reply to: LCA: IP address exhaustion and the end of the open net by foom
Parent article: LCA: IP address exhaustion and the end of the open net

Oh, and in case it wasn't clear: the lack of uPNP/NAT-PMP IPv6 makes using IPv6 through such a stateful filter a *WORSE* experience than using IPv4 through NAT currently is.

Applications on home endpoints still can't directly accept incoming connections (wasn't the like the whole point of IPv6?), and unlike with IPv4 there was (is?) no widely-accepted/implemented protocol to allow random endpoints to request such access.

IPv6 for the home, if we're to have a stateful firewall between all users and the internet, seems basically useless -- it doesn't enable applications like video chat or p2p filesharing to work any easier or more reliably than on IPv4...

(Log in to post comments)

LCA: IP address exhaustion and the end of the open net

Posted Jan 26, 2011 23:37 UTC (Wed) by drag (subscriber, #31333) [Link]

> IPv6 for the home, if we're to have a stateful firewall between all users and the internet, seems basically useless -- it doesn't enable applications like video chat or p2p filesharing to work any easier or more reliably than on IPv4...

If you have more then one person using the same protocol it can make all the difference in the world.

LCA: IP address exhaustion and the end of the open net

Posted Jan 28, 2011 11:27 UTC (Fri) by i3839 (guest, #31386) [Link]

That is total rubbish.

The way for an application to open an incoming port is, well, to open a socket on that port and listen to it. That's it. It magically works with no stupidity going on.

People have forgotten this because NAT madness and overzealous firewalls have entrenched themselves deeply enough.

You only need a firewall if you, as a user, want to restrict who and what may access what or who else. If applications can change that policy then you can as well have no firewall at all.

Firewalls are overrated. In this case Apple did the right thing and should have ignored all the whiners.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds