The question above for the most part, been reading up on it. Also want to it for learning purposes.

  • orangeboats@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    It’s not necessary to firewall every device. Just like how your router can handle NAT, it should be able to handle stateful firewall too.

    Mine blocks all incoming connections by default. I can add (IP, port range) entries to the whitelist if I need to host a service, it’s not really different to NAT port forwarding rules.

      • amki@feddit.de
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Nothing has changed about why that is compelling: NAT sucks and creates nothing but problems.

        Network security is almost the same with IPv6.

        If you rely on NAT as a security measure you are just very bad at networking.

        • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍@midwest.social
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          1
          ·
          1 year ago

          I mean that, when IPv6 started filtering out to non-specialists, network security wasn’t nearly as complex, and nor was the frequency of escalation what it is today. Back when IPv6 was new(ish), there weren’t widespread botnets exploiting newly discovered vulnerabilities every week. The idea of maintaining a personal network of internet-accessible devices was reasonable. Now maintaining the security of a dozen different devices with different OSes is a full time job.

          Firewalling off subnets and limitting the access to apps through a secured gateway of reverse proxies is bot bad networking. That’s all a NAT is, and reducing your attack surface is good strategy.