[OpenWrt-Devel] IPv6 firewall and Port Control Protocol (Was: Barrier Breaker 14.07-rc1)

Benjamin Cama benoar at dolka.fr
Thu Jul 17 13:59:03 EDT 2014

Le mercredi 16 juillet 2014 à 21:12 +0200, Sebastian Moeller a écrit :
> 	What is so wonderful about IPv6? Maleware surely will evolve quickly
> to take advantage of a dropped layer of defense…

“Layer of defense”? To most, it will just translate to a brick wall that
will have to be worked around by some other mean because nobody except
advanced user can configure their firewall.

> For experts as you and Benjamin the default does not really matter
> that much you can easily change it to your liking; but think about
> non-experts.

I totally do this for non-experts: non-experts won't ever touch their
default configuration. So, basically, they will have no inbound
connection possible, so manufacturer will find other mean to do whatever
they can to allow for that to happen (as they are doing today with
IPv4). It will just be even less controllable by yourself (custom
protocols, etc). Even if PCP comes: imagine then that device configured
with PCP will be accessible from outside, and… will they be magically
immune to anything this way? They will have to be secured anyway.

> I for one would be quite startled if the switch to IPv6 would expose
> parts of my device zoo that was never configured with that problem in
> mind….

Please, cite me any device today that can be dangerously exposed by an
IPv6 connectivity.

A printer, for example, should be bound (to me) to a link-local (or ULA)
address by default. I don't know any manufacturer who does so (well,
they don't support IPv6 anyway…).

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list