[OpenWrt-Devel] IPv6 firewall and Port Control Protocol (Was: Barrier Breaker 14.07-rc1)

Benjamin Cama benoar at dolka.fr
Fri Jul 18 05:29:52 EDT 2014

On Thursday 17 July 2014 at 17:03 -0700, David Lang wrote:
> But the reality is that hackers and worms have shown that leaving systems 
> exposed to the Internet is just a Bad Idea.

Do you mean, all the hackers and worms we see today despite all these
systems being behind blocking firewalls and NATs?

> link-local addressing isn't a good idea, because the average home will have 
> three separate links (wired plus two bands of wireless), these can get bridged 
> together, but that causes problems as well.

For this, you have ULA. It is available in OpenWRT and recommended by
the RFCs cited earlier.

> But do you really want to see the news stories about how anyone running openwrt 
> is vulnerable to $lastest_windows_exploit but people running stock firmware 
> aren't?

This is nonsense, this will never happen as nobody cares about OpenWRT.

> Yes, it would be ideal if every host was locked down so that it was safe for 
> them to be exposed.

They are exposed anyway, by other means.

