On Fri, 8 Nov 2013, John Jason Jordan wrote:
My router has a firewall. Otherwise, I don't know why I should be
concerned. I've used computers behind the router for over a decade
and there has never been a problem. My previous router didn't even
have a firewall, and still never a problem.
I am aware of the existence of /64 IPv6 address space, but I know
zero about it. Does this increase security concerns?
Russell's response is quite good, so I'll just add a few other
data to the mix.
My brand new ASUS wireless router runs Linux under the hood. It has
the typical IPv4 firewall/NAT features and supports IPv6 via its GUI,
but it provides no IPv6 ingress filtering.
It thinks it does. It's got ip6tables running with what appears to be
a decent ruleset, but in reality the rules aren't blocking inbound
traffic. (I verified this using nc to listen on arbitrary ports.)
I had to enable host-based firewalls to manage inbound IPv6 traffic.
Anyway, the lesson seems to be that if you've got a Comcast IPv6
netblock assigned to your router, it's probably best to check that
your firewall is working in IPv6 land as well as IPv4.
--
Paul Heinlein
[email protected]
45°38' N, 122°6' W
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
