Changes

As a consequence of all of the above changes it is imperative that you ensure that your IPv6-enabled client devices have their IPv6 firewall enabled, and it is protecting the services running on your client. It is also advisable to disable any IPv6 services that you do not require (e.g. tunneling protocols that you are not actively using - this is especially applicable to Windows 7 clients).

As a consequence of all of the above changes it is imperative that you ''ensure that your IPv6-enabled client devices have their IPv6 firewall enabled'', and it is protecting the services running on your client. It is also advisable to disable any IPv6 services that you do not require (e.g. tunneling protocols that you are not actively using - this is especially applicable to Windows 7 clients).

If you wish to verify the operation of your clients' IPv6 firewall then try my [http://ipv6.chappell-family.com/ipv6tcptest/ IPv6 firewall checker] (IPv6 Ping response tester and TCP port scanner).

One other change IPv6 introduces compared to IPv4 is that additional ICMP traffic flows are necessary for normal protocol signalling whereas it was predominantly used for error-case reporting in IPv4 networks. This requires IPv6 firewalls to admit certain [[ICMPv6_Types_Codes]] in order to handle IPv6 address allocation, neighbour discovery and several other IPv6 processes. For many client devices this will be handled directly by the firewall itself, but if you are developing your own IPv6 firewall then you need to ensure you follow [http://www.ietf.org/rfc/rfc4890.txt RFC4890] which includes an ip6tables packet filter example.