kortilla 4 days ago

It is an inadvertent firewall. It doesn’t allow unsolicited connections to whatever software is running on all of the crap in your house.

IPv6 requires a stateful firewall on the router to provide the same protection. Then if you turn that on, it kinda defeats the point.

hnlmorg 4 days ago

NAT requires a stateful firewall too. In fact, all router firewalls are stateful; otherwise you’d have to have large ranges of ports permanently open to incoming connections.

So you don’t actually need anything different nor special to have the same level of security with IPv6 vs IPv4 + NAT.

kortilla 3 days ago

> NAT requires a stateful firewall too.

Yes, you’re repeating what I’m saying. NAT forced router vendors to implement stateful connection tracking and it increased the security of everything behind them.

> So you don’t actually need anything different nor special to have the same level of security with IPv6 vs IPv4 + NAT.

This isn’t how it played out in practice though. Huge swaths of home routers had no firewall at all when you enabled IPv6 support because it would have taken slightly extra work to enable the v6 conn tracking.

homebrewer 4 days ago

I think enough consumer routers run UPnP servers out of the box that relying on NAT as a firewall is very unreliable. Have a look at the UPnP state table on your router; you might be surprised at things that have poked holes for the whole world to hammer at without you noticing.

kortilla 3 days ago

UPNP is not enabled by default on my router nor has it been on the last few. I think that was common like 15 years ago before all of the gaming consoles figured out how to do STUN on their own.

Dagger2 3 days ago

It's an imaginary firewall. NAT won't stop unsolicited connections in to your network -- if anything, its entire purpose is to do the exact opposite of that.

If you actually want to block inbound connections when you're doing NAT, you need the stateful firewall anyway. At that point, pretty much the only thing NAT is doing for your security is making it harder to understand what's going on.

unethical_ban 4 days ago

Having a default deny policy for traffic to your network doesn't defeat the point of IPv6 or direct routing.
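
Added illustration, not written by any commenter in this thread: a minimal nftables ruleset for a Linux-based home router that applies the stateful default-deny policy discussed above to forwarded IPv4 and IPv6 traffic alike. The interface names `lan0` and `wan0` and the table name `home_fw` are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Interface names (lan0, wan0) and the table name are assumed.

# The "inet" family matches both IPv4 and IPv6, so one set of
# connection-tracking rules covers routed v6 and NATed v4 traffic.
table inet home_fw {
    chain forward {
        # Default deny: anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that LAN hosts opened, plus ICMP/ICMPv6 errors
        # that conntrack associates with those flows ("related").
        ct state established,related accept

        # Packets conntrack cannot match to any valid flow.
        ct state invalid drop

        # LAN hosts may open new outbound connections; this creates the
        # conntrack entry that lets the replies back in.
        iifname "lan0" oifname "wan0" ct state new accept

        # No rule accepts new flows arriving on wan0, so unsolicited
        # inbound connections to globally routable IPv6 hosts on the LAN
        # hit the drop policy.
    }
}
```

On a router with a ruleset like this loaded, `nft list ruleset` shows whether the forward chain actually has `policy drop` and covers IPv6 (family `inet` or `ip6`), which is the gap described in the thread for routers that only filtered IPv4.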