People who know IPv6: my ISP supports IPv6 - if I tell me router to use it fully across my home network, would all my home devices become directly routable, thus exposing all their ports and losing the protection of the router? /cc @pikesley

@floppy @pikesley yes, but your router should be firewalling it for you.

(NAT is not a firewall!)


That said, the sheer size of the IPv6 address space makes opportunistic portscanning basically impossible, so you get a certain amount of protection from that.


If you are not using privacy extensions then the much smaller mac address space (by default ipv6 addresses are generated from mac addresses), makes host scanning easier (still hard tho). Also ip's will leak in e.g. email headers, and be visible in weblogs etc.

@russss @pikesley OK that makes sense - hard to find a definite answer for whether my router WILL actually properly firewall it, but I hope so.

@Floppy Directly routable, yes. That’s the end to end principle. No NAT.

To get the equivalent protection to a NAT, you must enable a stateful firewall. In Linux terms, you allow inbound packets for ESTABLISHED or RELATED sessions only, while allowing all outbound traffic.

Confirmation is possible by running a Web server in the LAN, and attempting to access it by IP from the WAN. If the firewall is correct, the connection will be refused or time out.

Sign in to participate in the conversation
Open social media for the UK

A social media community hosted in the UK; part of the Mastodon/ActivityPub federated social network, which allows you to follow users on other communities. It's a bit like Twitter but without a single company in control.

If you use this server, you are required to abide by our Code of Conduct. If you don't like it, there are plenty of other communities you can use.

If you're coming here from Twitter, there are some very useful services to help you find friends and automatically crosspost toots that you might like to set up once you're signed in.


This is a volunteer-run community administered by @floppy, and hosted by Mastohost in the UK. Please support our running costs by joining the Open Collective and becoming a backer. Thanks go to our existing backers - this place exists because of them!

Service status is available from our status page and the @status account.