[OpenWrt-Devel] IPv6 firewall and Port Control Protocol (Was: Barrier Breaker 14.07-rc1)

Owen Kirby osk at exegin.com
Wed Jul 16 13:12:05 EDT 2014


On 14-07-16 08:09 AM, Gert Doering wrote:
> Hi,
>
> This actually is a somewhat moot arguments.  Devices travel today, and
> while your home network and office network might be behind a firewall,
> the hotspot you're using while waiting for your train might not be.
>
> So with todays devices, every device needs to be able to protect itself
> (i.e.: host firewall, services only accepting connection from "local
> network", etc. - windows 7 doing a fairly good job with this today).
>
> The old model "strong firewall, weak devices behind it" is just a thing
> not matching reality anymore...
>
While it may be a good idea for your devices to be designed with this 
principle in mind, I don't necessarily trust all of the IPv6 enabled 
widgets on my LAN to have been robustly designed with strong local 
firewalls and free from bugs that remote attackers could exploit.

Furthermore, It is not true that every service which can be put on a 
network, should be put out on the public internet for all to see (ie: 
SAMBA/NFS). If someone really wants to expose an NFS share to the 
internet, then they should have the know-how to configure their firewall 
to do so. Exposing everyones network shares to the public internet by 
default is a very bad idea.

Cheers,
Owen
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list