More pieces of the IPv6 puzzle (Re: ISP with native ipv6 in isarael)
E.S. Rosenberg
esr+linux-il at g.jct.ac.il
Thu Jan 28 21:19:08 IST 2016
2016-01-28 20:37 GMT+02:00 Beni Cherniavsky-Paskin <beni.cherniavsky at gmail.com>:
> Due to bezeq's modem's wifi unreliability, I'm mostly connecting to my
> own wifi router anyway.
> I'd have switched to it completely and use a firewall there, except
> it's old and doesn't support IPv6 at all, and I haven't gotten around
> to buy a new one and/or install *WRT.
I also use bezeq boxes as modem-only and have an OpenWRT box behind
them, TP-Link makes very nice boxes that support OpenWRT (their
cheapest model is the 80NIS 741ND which is very good alue for money)
>
> I'm also a general believer in securing my laptops rather than my
> network, as I'm connecting to any and all wifis when traveling,
> and I've been deliberately running an unsecured wifi for years,
> valuing helping neighbors & passers-by over security (nowdays there is
> no dillema I'm shifting to separate guest networks).
No question that your laptop should be secure but that is no reason to
leave your desktop, printer, NAS, home automation, home security etc.
unsecured.
>
> To some degree, the desire of dropping NAT and having
> world-addressable machines inherently conflicts with the desire to
> have a firewall.
That is non-sense, I worked at several locations with IP addresses as
water and just because we had all our machines (even on WiFi) have
world-addressable IPs didn't mean we didn't have a firewall to limit
access from the outside to be only through the paths we allowed.
There is also no real valid reason to allow the outside world to be
able to scan your inside network.... NAT always sort provided that out
of the box but a good firewall does that even without NAT.
>
> But the wisdom of all this is of course debatable.
More information about the Linux-il
mailing list