Some people have claimed that they cannot yet sell
IPv6 Internet access because there is no IPv6 firewall support. According to this ICANN study
this is not quite true. At least 30% of the 42 vendors surveyed, had IPv6 support.
According to this talk many open-source and commercial firewalls supporting IPv6 are available.
- MFfirewall based on Linux is a free/opensource IPv6/IPv4 fully functional Firewall http://code.google.com/p/mf-firewall/
- m0n0wall is based on FreeBSD http://m0n0.ch/wall/screenshots.php
- pfSense is also based on FreeBSD http://pfsense.com/index.php?id=26
- FWBuilder is a management tool that builds filter setups for several different firewalls http://www.fwbuilder.org/archives/cat_screenshots.html
- Checkpoint FW1 NGX R65 on SecurePlatform supports IPv6
- FortiGate/Fortinet supports IPv6 in FortiOS 3.0 and up. Read this technote for more info.
- Juniper SSG (formerly Netscreen) supports IPv6 in ScreenOS 5.4 and up.
- Cisco ASA (formerly PIX) supports IPv6 in version 7.0 and up (Does not currently support Failover)
- Stonesoft has committed to rolling out IPv6 support in 2008 across its StoneGate product line.
Commercial firewall support may be lagging behind OS and router support, but not by much.
The Campus IPv6 Wiki has a more detailed rundown of IPv6 firewall testing and hints for their use here.
You can Build an IPv6 Firewall with OpenBSD.
You can also build an IPv6 firewall with Windows Server 2008.
Vyatta and it's open-source core both fully support IPv6
ip6tables is used to build IPv6 firewalls in both openwrt and dd-wrt. Although dd-wrt
and openwrt are built for wireless routers, you can turn off the wireless interface on these routers and use them as ethernet-to-ethernet routers.
DD-WRT supports IPv6 and runs on a lot of hardware, including the Linksys WRT 160N, IPv6 support is discussed here. (IPv6 firewall support not in the GUI, only from command line as of March 2011)
OpenWRT also supports IPv6 with both tunnelling and native, and also runs on a large amount of hardware, including both the Netgear WGR614L and Linksys WRT54GL. In the US, the WGR614L is stocked at www.amazon.com and the WRT54GL is stocked at Frys Electronics and is available at www.frys.com IPv6 support is discussed here.
Read about other people's experience using an Enterprise IPv6 firewall/IDS http://www3.ietf.org/proceedings/07mar/slides/v6ops-6/v6ops-6.ppt