That said, the sheer size of the IPv6 address space makes opportunistic portscanning basically impossible, so you get a certain amount of protection from that.
@Floppy Directly routable, yes. That’s the end to end principle. No NAT.
To get the equivalent protection to a NAT, you must enable a stateful firewall. In Linux terms, you allow inbound packets for ESTABLISHED or RELATED sessions only, while allowing all outbound traffic.
Confirmation is possible by running a Web server in the LAN, and attempting to access it by IP from the WAN. If the firewall is correct, the connection will be refused or time out.
@Floppy No problem. Have fun with the network. 🙂
A social media community hosted in the UK; part of the Mastodon/ActivityPub federated social network, which allows you to follow users on other communities. It's a bit like Twitter but without a single company in control.
This is a volunteer-run community administered by @floppy, and hosted by Mastohost in the UK. Please support our running costs by joining the Open Collective and becoming a backer. Thanks go to our existing backers - this place exists because of them!