[OpenWrt-Devel] IPv6 firewall and Port Control Protocol (Was: Barrier Breaker 14.07-rc1)
osk at exegin.com
Wed Jul 16 13:12:05 EDT 2014
On 14-07-16 08:09 AM, Gert Doering wrote:
> This actually is a somewhat moot arguments. Devices travel today, and
> while your home network and office network might be behind a firewall,
> the hotspot you're using while waiting for your train might not be.
> So with todays devices, every device needs to be able to protect itself
> (i.e.: host firewall, services only accepting connection from "local
> network", etc. - windows 7 doing a fairly good job with this today).
> The old model "strong firewall, weak devices behind it" is just a thing
> not matching reality anymore...
While it may be a good idea for your devices to be designed with this
principle in mind, I don't necessarily trust all of the IPv6 enabled
widgets on my LAN to have been robustly designed with strong local
firewalls and free from bugs that remote attackers could exploit.
Furthermore, It is not true that every service which can be put on a
network, should be put out on the public internet for all to see (ie:
SAMBA/NFS). If someone really wants to expose an NFS share to the
internet, then they should have the know-how to configure their firewall
to do so. Exposing everyones network shares to the public internet by
default is a very bad idea.
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
More information about the openwrt-devel