Le mercredi 13 juillet 2011 à 20:48 +1000, Andrew McGlashan a écrit : > Hi, [...] > Many using 3G USB modems are opening themselves up to abuse if (by > default) having their machines directly connected to the Internet. Any > machine that is directly accessible via the Internet _must_ have > suitable security, ie a restrictive firewall at least. I can just > imagine all the Windows laptops (well, not just Windows, but hey), > becoming owned just because they are using a 3G USB modem directly on > their machine without a firewall -- this will be amplified for those on > ANY network that has open slather via IPv6 addressing. NAT-like "security" may be enabled with 2 rules on the router/firewall ISPs send to their customers.
ip6tables -A INPUT -i wan -m state --state ESTABLISHED,RELATED -j ACCEPT ip6tables -A INPUT -i wan -j DROP Actually you need to accept some icmpv6 packets, then we need another rule ;) If ISPs sent their modem/box/router/whatever properly configured (default configuration disallowing incoming connections), there is no more security issues than with the ipv4/NAT setup. -- Bastien Durel -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1310558568.2356.24.camel@data-dev4
