by rfoo 1754 days ago
> There's no magical security behind NAT

That's exactly the point. Yes, I know the "security" NAPTv4 provides is just a side effect. But it is what was widely deployed in the field. If you want to push IPv6, you MUST make sure in-field appliances match this "side effect" (as a properly implemented firewall).

And this is not happening.

NAPTv4 with a "block incoming connection" side effect is widely deployed, running on countless CPEs. Proper IPv6 firewall is not. Thus IPv6 is not ready for these users.

1 comments

> NAPTv4 with a "block incoming connection" side effect is widely deployed, running on countless CPEs. Proper IPv6 firewall is not.

I've been running IPv6 through my Asus for years now and it's been no different than IPv4. Going to Advanced Settings > Firewall, under "IPv6 Firewall" it says:

> All outbound traffic coming from IPv6 hosts on your LAN is allowed, as well as related inbound traffic. Any other inbound traffic must be specifically allowed here.

It then has a table where you specify traffic to be allowed in to specific internal hosts on particular port (ranges), but since this is IPv6, you don't have to deal with reverse-NATing now.

* https://www.asus.com/us/support/FAQ/1013638/
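
The default policy quoted from the Asus settings page above, written out as an nftables forward-chain ruleset for a Linux-based router. This is an added example, not part of the thread and not Asus firmware configuration; the interface names `br-lan` and `wan0` and the host address (taken from the 2001:db8::/32 documentation prefix) are assumptions.

```nftables
# Added example: stateful IPv6 forwarding policy for a home router.
# Assumed names: "br-lan" = LAN bridge, "wan0" = upstream interface.
table ip6 cpe_filter {
    chain forward {
        # Default-deny: anything not matched below is dropped. This is what
        # reproduces the "block incoming connections" side effect of NAPTv4.
        type filter hook forward priority 0; policy drop;

        # Replies to flows a LAN host started, plus ICMPv6 errors tied to
        # those flows ("related inbound traffic").
        ct state established,related accept

        # Packets conntrack cannot associate with any valid flow.
        ct state invalid drop

        # "All outbound traffic coming from IPv6 hosts on your LAN is allowed."
        iifname "br-lan" oifname "wan0" accept

        # "Any other inbound traffic must be specifically allowed here."
        # One explicit pinhole: HTTPS to a single internal host
        # (constructed address, no reverse NAT mapping involved).
        iifname "wan0" oifname "br-lan" ip6 daddr 2001:db8:1::10 tcp dport 443 ct state new accept
    }
}
```

Changing `policy drop` to `policy accept` in this chain gives the situation the parent comment is concerned about: every globally addressed LAN host becomes reachable from the WAN side on all ports.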