On 14-07-16 08:09 AM, Gert Doering wrote:
Hi,
This actually is a somewhat moot arguments. Devices travel today, and
while your home network and office network might be behind a firewall,
the hotspot you're using while waiting for your train might not be.
So with todays devices, every device needs to be able to protect itself
(i.e.: host firewall, services only accepting connection from "local
network", etc. - windows 7 doing a fairly good job with this today).
The old model "strong firewall, weak devices behind it" is just a thing
not matching reality anymore...
While it may be a good idea for your devices to be designed with this
principle in mind, I don't necessarily trust all of the IPv6 enabled
widgets on my LAN to have been robustly designed with strong local
firewalls and free from bugs that remote attackers could exploit.
Furthermore, It is not true that every service which can be put on a
network, should be put out on the public internet for all to see (ie:
SAMBA/NFS). If someone really wants to expose an NFS share to the
internet, then they should have the know-how to configure their firewall
to do so. Exposing everyones network shares to the public internet by
default is a very bad idea.
Cheers,
Owen
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
