C. Multiple Addresses
IPv6 assigns multiple addresses to an interface, which complicates
the filtering rules in firewalls and access control lists. Unlike
in IPv4, address-based filtering is no longer feasible when these
addresses are autoconfigured and when privacy addresses are used
(privacy addresses change periodically). In such cases, a firewall
will need to learn all the addresses dynamically, and the filtering
rules will need to be generated automatically from sophisticated
policy rulesets. Such capabilities are not available. Therefore,
simpler formalisms must be employed that use some kind of
identification token instead of addresses to identify a host or an
interface. No such identification mechanism is currently defined
at OSI layer 3.
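
The filtering problem described above, as an added example that is not
part of the original paper: a /128 rule written for a host's
autoconfigured address stops matching once the host sources traffic from
rotating privacy addresses, while a /64 rule matches them but also admits
every other host on the link. The prefix, MAC addresses, seeded random
interface IDs and the first-match ACL model are constructed assumptions.

```python
import ipaddress
import random

PREFIX = ipaddress.IPv6Network("2001:db8:0:1::/64")  # documentation prefix, constructed

def eui64_address(prefix, mac):
    """SLAAC address whose interface ID is the modified EUI-64 of the MAC."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02                          # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return prefix[int.from_bytes(iid, "big")]

def temporary_addresses(prefix, count, seed):
    """Stand-in for privacy addresses: one random 64-bit interface ID per rotation."""
    rng = random.Random(seed)             # seeded so the sample is reproducible
    return [prefix[rng.getrandbits(64)] for _ in range(count)]

def permitted(acl, source):
    """First-match evaluation of (network, action) rules, default deny."""
    for network, action in acl:
        if source in network:
            return action == "permit"
    return False

def evaluate():
    host = eui64_address(PREFIX, "00:11:22:33:44:55")        # constructed MAC
    neighbour = eui64_address(PREFIX, "00:11:22:aa:bb:cc")   # another host on the link
    rotated = temporary_addresses(PREFIX, 3, seed=1)
    host_rule = [(ipaddress.IPv6Network(f"{host}/128"), "permit")]  # one address only
    prefix_rule = [(PREFIX, "permit")]                       # the whole link
    return {
        "host": host,
        "host_rule_on_host": permitted(host_rule, host),
        "host_rule_on_rotated": [permitted(host_rule, a) for a in rotated],
        "prefix_rule_on_rotated": [permitted(prefix_rule, a) for a in rotated],
        "prefix_rule_on_neighbour": permitted(prefix_rule, neighbour),
    }

if __name__ == "__main__":
    for key, value in evaluate().items():
        print(key, value)
```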