[OpenWrt-Devel] OpenWRT IPv6 firewall

Baptiste Jonglez bjonglez at illyse.org
Thu Jul 17 11:23:43 EDT 2014


On Thu, Jul 17, 2014 at 03:21:32PM +0100, Fernando Frediani wrote:
> Hello guys,
> 
> This discussion is becoming each day more confusing for something, which for
> me, is very simple assuming the following:
> 
>     - IPv6 as IPv4 should block *any incoming connection* on the WAN
> interface including those directed to the LAN IPs behind it.

As explained before: this is a mostly unavoidable fact for IPv4, because
of NAT.

Now, if this is avoidable, such as with IPv6, does it have any
justification?  Does your "should" come from an RFC?  From common sense?
From a widely accepted practice?  Security comes to mind, but the
proposal is *not* about disabling the firewall completely.

As for the usage, any application that is not purely client/server needs
to be reachable from the outside.  You may want to use peer-to-peer
applications (voice chat, video chat, file sharing, etc) without having to
explicitly configure your firewall.  Btw, this is why protocols such as
UPnP, NAT-PMP, or PCP have been developed.