On Thu, Jul 17, 2014 at 11:23 AM, Baptiste Jonglez <[email protected]> wrote:
> ... without having to explicitly configure your firewall.

And this is the opinion that I, and many others, disagree with. I look at it from the principle of minimizing the worst case scenario. We could allow all (or some, like ports >1024) incoming traffic by default; the worst case scenario is that the user's machine gets compromised. We could deny all incoming traffic by default; the worst case scenario is that a peer-to-peer service—which not all users actually use—doesn't work until the user opens up their firewall, either manually or by enabling UPnP/NAT-PMP/PCP.

IMO, the latter is the much less costly scenario, and follows the best security practice of deny-by-default, IETF RFCs notwithstanding.

--
Soren Harward
