#17241: Barrier Breaker: don't reject inbound IPv6 by default
-------------------------+-------------------------------------
 Reporter:  anonymous    |      Owner:  developers
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Barrier Breaker (trunk)
Component:  packages     |    Version:  Trunk
 Keywords:               |
-------------------------+-------------------------------------
 The firewall in OpenWrt Barrier Breaker RC1 rejects WAN-to-LAN IPv6
 connections by default. I'd argue that this is not the right behavior and
 this kind of filtering should be left to the end hosts themselves. Unlike
 some IPv4-only devices that were designed for the NAT world, IPv6 stuff
 expects unfiltered inbound connectivity. Filtering IPv6 is unnecessary and
 will only cause headaches to our users. It should be opt-in, not opt-out.

 Before anyone says the firewall should stay this way and suggests enabling
 PCP: Firewalled IPv6 + PCP has the same behavior as unfiltered IPv6,
 except the former brings needless extra complexity. In both cases there's
 exactly the same amount of security.

 I must add that most router manufacturers that I know of are not filtering
 inbound IPv6 by default. Filtering IPv6 in OpenWrt could then make it a
 not-so-great experience for new users who install OpenWrt on their
 routers.

 As the first release with IPv6 enabled by default, this is the time to make
 these decisions. We are setting an example here as to how we want this new
 Internet to work. Let's not help break IPv6 before it even takes off.

--
Ticket URL: <https://dev.openwrt.org/ticket/17241>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology