[OpenWrt-Devel] OpenWRT IPv6 firewall
Baptiste Jonglez
bjonglez at illyse.org
Thu Jul 17 11:23:43 EDT 2014
On Thu, Jul 17, 2014 at 03:21:32PM +0100, Fernando Frediani wrote:
> Hello guys,
>
> This discussion if becoming each day more confusing for something, which for
> me, is very simple assuming the following:
>
> - IPv6 as IPv4 should block *any incoming connection* on the WAN
> interface including those directed to the LAN IPs behind it.
As explained before: this is a mostly unavoidable fact for IPv4, because
of NAT.
Now, if this is avoidable, such as with IPv6, does it have any
justification? Does your "should" comes from a RFC? From common sense?
From a widely accepted practice? Security comes into mind, but the
proposal is *not* about disabling the firewall completely.
As for the usage, any application that is not purely client/server needs
to be reachable from the outside. You may want to use peer-to-peer
applications (voice chat, video chat, file sharing, etc) without having to
explicitely configure your firewall. Btw, this is why protocols such as
UPnP, NAT-PMP, or PCP have been developped.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20140718/bfe0a4e3/attachment.sig>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list