|
|
|
|
|
|
by themafia
151 days ago
|
|
|
I don't think you even need a stateful firewall. If it's an IoT device that's not meant to provide services to the internet then it seems to me you can just drop all non local subnet originated traffic and get most of the security you would expect with NAT. |
|
|
Even that is only a partial solution - UPNP hole punching exploits holes in this logic to allow peer-to-peer traffic into a network which otherwise has a default-deny ACL.