As manufacturers of firewalls begin to see support of IPv6 as an important aspect of their products the number of devices that claim to “support IPv6″ or to be “IPv6-ready” grows. Yet, these terms are mostly marketing-speak and generally don’t provide any meaningful information about which IPv6 features are supported and to what extent. So being able to evaluate and compare IPv6 enabled firewalls by yourself becomes more important. Judging the quality just from the data sheets is nearly impossible. How do you perform such an evaluation? IPv6 is more complex than IPv4, there is a lot to learn and testing your firewall’s configuration involves more than simply checking which ports traffic can flow through. In this talk I present the open source tool “ft6″, which enables you to perform a number of security- and conformity-related tests. It allows you to compare different firewalls, improve your setup and assist in migrating to IPv6.
Oliver Eggert graduated from Potsdam University in 2013 where he focused on all things network protocols and security. He has been part of the “IPv6 Intrusion Detection Systems”-Project since 2011 from which ft6 originated.