On Thu, Jul 17, 2014 at 03:21:32PM +0100, Fernando Frediani wrote: > Hello guys, > > This discussion if becoming each day more confusing for something, which for > me, is very simple assuming the following: > > - IPv6 as IPv4 should block *any incoming connection* on the WAN > interface including those directed to the LAN IPs behind it.
As explained before: this is a mostly unavoidable fact for IPv4, because of NAT. Now, if this is avoidable, such as with IPv6, does it have any justification? Does your "should" comes from a RFC? From common sense? From a widely accepted practice? Security comes into mind, but the proposal is *not* about disabling the firewall completely. As for the usage, any application that is not purely client/server needs to be reachable from the outside. You may want to use peer-to-peer applications (voice chat, video chat, file sharing, etc) without having to explicitely configure your firewall. Btw, this is why protocols such as UPnP, NAT-PMP, or PCP have been developped.
pgp6zyg1Wy0d7.pgp
Description: PGP signature
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
