On 4/29/23 05:34, Carlos E. R. wrote:
It sounds much more like you didn't trust your own machines.
I trusted existing machines, but not guest machines. I don't have a separate LAN for them. Even a machine on my Guest Wifi gets given an IP in the same LAN as every other machine. No way to separate them with my existing hardware.
This is exactly what I do with my IPv4 router. I've got physically separate Ethernet connections for trusted computers, for WiFi, and for IOT devices such as smart televisions, light bulbs, security cameras, etc. Thus the untrusted, and possibly malicious, devices have no way to connect to my important hosts. IOT devices are particularly hazardous since their insecurities are legend, and they never get firmware updates once deployed.

This separation is what I was unable to do in IPv6 a few years ago. While it might be possible now (different router, etc.) I don't see any clear reason to pursue it. My IPv6 "itch" is not that great, and the risks of screwing it up are real.

The concept of separating trust classes of traffic for home networks is valid and is worth talking about here, IMHO.

Regards,
Lew