On Mon, Feb 19, 2024 at 9:44 AM Tim Howe <ti...@bendtel.com> wrote: > FWIW, in the decade we have been providing dual-stack by default, I > have made a bit of a hobby out of testing every CPE and SOHO router > that I get may hands on in my PON lab.
Hi Tim, I have not, so I'll defer to your experience. > I've never once seen a device > that has v6 support and didn't have a stateful v6 firewall on by > default (if v6 was "on"). Acknowledged. So when the user wants to run a home server, their IPv4 options are to create a TCP or UDP port forward for a single service port or perhaps create a generic port forward for every port to a single internal machine. Protocols other than TCP and UDP not supported. They might also have the option of a "bridge" mode in which only one internal host is usable and the IPv4 functions of the device are disabled. The bridge mode is the only "off" setting for the IPv4 firewall. Correct? Their IPv6 options *might* include these but also include the option to turn the IPv6 firewall off. At which point IPv4 is still firewalled but IPv6 is not and allows all L4 protocols, not just TCP and UDP. Also correct? Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/
