undefined | Better HN

0 pointshamandcheese4y ago0 comments

With IPv6, it is typical (though not guaranteed) that you will be allocated an entire range of IPs rather than a single one. This then allows you to assign a unique, publicly routable address to every device on your local network.

I’m not sure if consumer hardware commonly supports this, or if it does what kind of firewalling they might do, so I have some slight doubt that IPv6 actually makes the problem Bore solves go away. I probably wouldn’t want every device on my network publicly routable even if it were possible — so even without NAT/port forwarding, there’s still a firewall to configure.

0 comments

geocar4y ago

> there’s still a firewall to configure

All of my desktops and servers and laptops each have their own firewall, and this is good enough to protect against naughty programs who bind to INADDR_ANY instead of ::1 or a uds. I don't need to waste memory and latency on the router doing connection tracking that doesn't buy anything.

> I’m not sure if consumer hardware commonly supports this,

I have not run across consumer hardware that doesn't. I just tried a bunch of netgear, asus, and tplink kit and it was all fine. I've only run into a few ISPs that it didn't work with, and in every case a phone call was able to sort things out (because it had nothing to do with the consumer equipment). I suspect strongly that almost all consumer hardware commonly supports this.

hamandcheeseOP4y ago

> All of my desktops and servers and laptops each have their own firewall

Sure, but there are plenty of devices on my network that I don’t have that sort of control over (i.e. my light bulbs).

geocar4y ago

Get different light bulbs; My light bulbs require a password and route-filter. If yours don't, your firewall isn't protecting you if your computer can reach them because someone can just send you and iframe that pokes your light bulbs.

dcow4y ago

It does make the problem go away. You no longer need to traverse NAT which is what things like Bore and STUN/TURN/ICE do. With IPv6 every device has a public address you don’t really get a choice. Even for IPv4 NAT was an accident and it doesn't protect you from anything, the firewall via contrack does and the firewall still exists in IPv6. If Bore was just “firewall configuration for lazy people” then there are ways that don’t involve a remote server. You can just speak UPnP for instance.

vladvasiliu4y ago

> so even without NAT/port forwarding, there’s still a firewall to configure.

Yes, this is what I've noticed with consumer, ISP-provided routers in France. I think it's a rather good thing, although those same routers usually come with UPnP turned on...

geocar4y ago

It's a consumer router if you can buy it. If only your ISP buys it and they give to you, it isn't a "consumer router".

This has nothing to do with the router and more to do with your ISP. I had a UK provider which did that, but it was easy to swap their router (I did have to give them a call though). Here in Portugal the ISP-provided router was fine, so I am happy to use it.

j / k navigate · click thread line to collapse

0 comments

geocar4y ago

> there’s still a firewall to configure

> I’m not sure if consumer hardware commonly supports this,

hamandcheeseOP4y ago

> All of my desktops and servers and laptops each have their own firewall

Sure, but there are plenty of devices on my network that I don’t have that sort of control over (i.e. my light bulbs).

geocar4y ago

dcow4y ago

vladvasiliu4y ago

> so even without NAT/port forwarding, there’s still a firewall to configure.

Yes, this is what I've noticed with consumer, ISP-provided routers in France. I think it's a rather good thing, although those same routers usually come with UPnP turned on...

geocar4y ago

It's a consumer router if you can buy it. If only your ISP buys it and they give to you, it isn't a "consumer router".

j / k navigate · click thread line to collapse