-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2019-02-04 at 13:56 +0100, Per Jessen wrote:
Carlos E. R. wrote:
I don't wish to go offtopic. I'm only saying that gadgets inside the house need to communicate with outside to work, and that your chosen firewalling solution must attend to those modern needs.
Anything on the inside communicating with the outside is usually not a problem, as long as the inside initiates the connection. (tcp). With udp, you some times need a different solution.
Yes, that's the current solution used by IoT gadgets. He says he is not using any of those, though. I use one in local mode only, so it is secure.
I don't think that using different networks at home is the appropriate way, limiting functionality.
Hmm, I would say it is both easy and appropriate - with DHCP it is easy to dish out the appropriate addresses and the firewall is easily set up to provide different privileges depending on the subnet. For instance, any unknown (undefined) device on my network is given addresses in a separate range, and given very limited access. This is for friends visiting with mobile devices. Similar with our VoIP devices.
That's a feature I miss on my setup; but on the other hand, I want mutual access between my computer and my gadgets, like the Chromecast: I can launch movies from my computer or phones, and also play movies stored on a local computer. Placing the Chromecast on another vlan would break features. To do that, I had to open ports on those computers. As it is not clear which ports, I opened all (to that IP), hoping to limit them at some point when I find out more. Otherwise, Chrome does not find the Chromecast device. - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXFg9mhwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfV6dEAnROC5tb4GfjJJQUewLuM aniZYvGHAKCKWGbMCvrK+uxsURELdL1YdY9wMQ== =V8yF -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org