Hello Baptiste,

Clarifying my point: by "should" I meant "from common sense" and also "from widely accepted practice".

Anyone who may use applications that may need to be reachable from outside can adjust the firewall manually to reflect that for the desired ports, which is not a big deal, or even by UPnP, which is even simpler. I would say more: depending on the environment, if a specific user prefers, the firewall in the router can allow any traffic to his IP only and he can control it locally on his machine.

Therefore there are possibilities and these in my opinion are less costly and more secure to have by default.

Best regards,

Fernando

On 17/07/2014 16:23, Baptiste Jonglez wrote:
> On Thu, Jul 17, 2014 at 03:21:32PM +0100, Fernando Frediani wrote:
>> Hello guys,
>>
>> This discussion is becoming each day more confusing for something, which for
>> me, is very simple assuming the following:
>>
>>      - IPv6 as IPv4 should block *any incoming connection* on the WAN
>> interface including those directed to the LAN IPs behind it.
> As explained before: this is a mostly unavoidable fact for IPv4, because
> of NAT.
>
> Now, if this is avoidable, such as with IPv6, does it have any
> justification?  Does your "should" come from a RFC?  From common sense?
> From a widely accepted practice?  Security comes into mind, but the
> proposal is *not* about disabling the firewall completely.
>
> As for the usage, any application that is not purely client/server needs
> to be reachable from the outside.  You may want to use peer-to-peer
> applications (voice chat, video chat, file sharing, etc) without having to
> explicitly configure your firewall.  Btw, this is why protocols such as
> UPnP, NAT-PMP, or PCP have been developed.


_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
