> Well, even in the home, I still regard there being a need for at least
> SOME perimeter defense - at the moment I am leveraging the source
> specific routing information to establish clear paths within my
> network, and to then also block known to be problematic protocols
> originating outside it - like CIFS, and port 80/443/661 from the
> outside (way too many default passwords on way too many devices, like
> cameras), and for that matter, port 53...

Well, we are referencing normative language of RFC 7084 in HNCP, which means that RFC 6092 is a SHOULD for us and with that basically stateful firewalling.

> Heh. Well, is there any thinking over there about how to tie this into
> mdns or dns, sanely?

Well, MDNS is the node's own responsibility mostly. Since that is not really platform default everywhere we also specify naming based on hostnames acquired via (stateful) DHCPv6/v4 which is turned on in addition to SLAAC on routers that support it. Our reference implementation uses this - if ULAs are present - only for ULA addresses. With only SLAAC you cannot really do proper naming.

Cheers,

Steven
