On 4/29/23 05:34, Carlos E. R. wrote:
It sounds much more like you didn't trust your own machines.
I trusted existing machines, but not guest machines. I don't have
a separate LAN for them. Even a machine on my Guest Wifi gets
given an IP in the same LAN as every other machine. No way to
separate them with my existing hardware.
This is exactly what I do with my IPv4 router. I've got physically
separate Ethernet connections for trusted computers, for WiFi,
and for IOT devices such as smart televisions, light bulbs, security
cameras, etc. Thus the untrusted, and possibly malicious, devices
have no way to connect to my important hosts. IOT devices are
particularly hazardous since their insecurities are legend, and
they never get firmware updates once deployed.
This separation is what I was unable to do in IPv6 a few years
ago. While it might be possible now (different router, etc) I don't
see any clear reason to pursue it. My IPv6 "itch" is not that
great,
and the risks of screwing it up up are real.
The concept of separating trust classes of traffic for home networks
is valid and is worth taking about here, IMHO.
Regards,
Lew