On Tue, 2013-04-02 at 12:40 +0200, Togan Muftuoglu wrote:
Many people have each computer/device connected to their (ISP-provided) internet router so there is little if any distinction between INT and EXT connections so far as the firewall is concerned - there is one network connection with one IP address.
In my understanding that is not a good way to limit yourself to outside attacks.
You are correct, security by NAT works by accident; too many people forget that. However, what if one day your ISP reset your connection without telling you, and when you automatically reconnect, you find yourself with an IPv6 address range? NAT no longer exists, you are no longer "protected" by that accidental security, turning on your network-equipped VDR or TV which may prefer a 6 address, and voila, your "file sharing" from your VDR to the world :) Not to mention the risks anyone using 6 autoconfig takes in that case. At the very least, the home router should be configured to block everything in (including forwarding) that is not explicitly allowed (or RELATED/ESTABLISHED).
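
The default-deny policy described in the message above, written out for IPv6 as an added example that is not part of the original thread. It assumes a Linux router using ip6tables with conntrack; the interface names are placeholders supplied by the caller, and the ICMPv6 allowances are an addition needed for neighbour discovery and path MTU discovery to keep working.

```shell
#!/bin/sh
# Added example: prints an ip6tables-restore ruleset. It only generates text
# and never touches the running firewall.
# Usage: gen_ruleset <wan-interface> <lan-interface>   (names are assumptions)
gen_ruleset() {
    wan="$1"; lan="$2"
    # The policy depends on a real EXT/INT split: refuse a single shared interface.
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "need two distinct interfaces (WAN and LAN)" >&2
        return 1
    fi
    cat <<EOF
*filter
# Default deny for traffic to the router and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # ICMPv6 the router itself needs: errors (1-4), echo request (128),
    # router solicitation/advertisement (133/134), neighbour discovery (135/136).
    for t in 1 2 3 4 128 133 134 135 136; do
        printf -- '-A INPUT -p ipv6-icmp --icmpv6-type %s -j ACCEPT\n' "$t"
    done
    cat <<EOF
# DHCPv6 replies from the ISP's link-local address to the client port.
-A INPUT -i ${wan} -p udp -s fe80::/10 --dport 546 -j ACCEPT
# LAN hosts may reach the router (DNS, admin interface).
-A INPUT -i ${lan} -j ACCEPT
# Forwarding: replies and related ICMPv6 errors come back in, LAN may
# initiate outbound, and nothing new is accepted from the WAN side.
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i ${lan} -o ${wan} -j ACCEPT
COMMIT
EOF
}

# When run directly with two arguments, print the ruleset.
if [ "$#" -eq 2 ]; then
    gen_ruleset "$1" "$2"
fi
```

The output can be checked with `ip6tables-restore --test` before it is loaded. With this in place, a device that picks up a global IPv6 address by autoconfiguration is still unreachable from outside unless a rule is added for it.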