UltraSane 2 days ago

You can have IPv6 firewalls emulate the behavior of NAT so it blocks unsolicited inbound traffic while allowing outbound traffic. If you get a /48 from your ISP you could rotate to a new IP address every second for the rest of your life.

throw0101c 2 days ago

> You can have IPv6 firewalls emulate the behavior of NAT so it blocks unsolicited inbound traffic while allowing outbound traffic.

Are there any (consumer?) firewalls that do not do this? I know Asus do this (and have for years).

AIUI most 'enterprise' firewalls have a default deny shipped from the factory and you have to actively allow stuff.

iamnothere 2 days ago

Right, but if you’re messing around as a naive learner it’s easy to accidentally disable that or completely open up an IP or range due to a bad rule. It’s a lot harder to accidentally enable port forwarding on a NAT.

degamad 2 days ago

> It’s a lot harder to accidentally enable port forwarding on a NAT.

It's probably less than three clicks on most home router web UIs.

MisterTea 2 days ago

But you have to specify not only the exposed port but also the destination address and port, which is not easy to do accidentally.

edit: typo

iamnothere 2 days ago

Very hard to make all those clicks accidentally. But anyway I’m talking about pf/iptables rules, not web UIs.
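
The stateful IPv6 behavior discussed in this thread, as an added example that is not part of any poster's comment: a forward-chain ruleset written for nftables (the successor to iptables, used here in place of the pf/iptables rules mentioned above). The interface names `lan0` and `wan0` and the table name are assumptions, and the prefix is from the 2001:db8::/32 documentation range. It covers forwarded traffic only, not traffic addressed to the router itself.

```nftables
# Added example. Assumed interfaces: lan0 (inside), wan0 (ISP uplink).
table ip6 home_fw {
    chain forward {
        # Default deny: a packet is forwarded only if a rule below accepts it.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that a LAN host opened. This is the part of NAT's
        # behavior people rely on: unsolicited inbound has no state entry.
        ct state established,related accept
        ct state invalid drop

        # Any connection initiated from the LAN toward the internet.
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 error messages, so path MTU discovery keeps working even
        # when conntrack does not classify the error as "related".
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # The kind of "bad rule" described in the thread: it has no
        # interface or state match, so it would accept unsolicited inbound
        # traffic to every address in the delegated prefix. Kept commented
        # out on purpose.
        # ip6 daddr 2001:db8:1234::/48 accept

        # A deliberate exception should name one host and one port, the
        # IPv6 counterpart of a port forward (constructed address):
        # iifname "wan0" ip6 daddr 2001:db8:1234:1::10 tcp dport 443 accept
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading it, and `nft list chain ip6 home_fw forward` shows what is actually active afterwards.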