undefined | Better HN

0 pointsvoltagex_10y ago0 comments

>normally I block outbound RFC 1918 addresses

I'm assuming LAN traffic still works in this case.

>That is a potential problem should some rogue program on my network attempt to exploit a modem vulnerability. Maybe I'll just block all those addresses and only enable them in the firewall when I want to check the modem status.

I've been looking at scraping my modem interface for info and then blocking all but one PC from accessing the admin interface

0 comments

uxp10y ago

> I'm assuming LAN traffic still works in this case.

Blocking outbound RFC 1918 addresses is a fairly common firewall configuration to prevent any LAN traffic from leaking out into the internet due to weird or misconfigured NAT rules, etc. It doesn't prevent that traffic from traversing the LAN, just if it might try and escape the WAN.

voltagex_OP10y ago

Ah right, that's done by my ISP at the first hop.

j / k navigate · click thread line to collapse