This is correct. My router however doesn’t have that level of firewall. It’s either all allowed or nothing is.
This is correct. My router however doesn’t have that level of firewall. It’s either all allowed or nothing is.
The router does have a firewall but it blocks everything inbound by default. Some routers (at least mine) do not offer the granularity to filter traffic for certain devices (no NAT either). It’s either allow all in or nothing.
When you enable IPv6 and switch off the firewall (since you can’t host anything otherwise), every device becomes exposed to the internet.
Then unless the devices have a firewall themselves, all is exposed. Not just the web services, ssh and the rest as well.
Because devices in your LAN will all be accessible from the internet with IPv6, you need to firewall every device.
It becomes more of a problem for IoT devices which you can’t really control. If you can, disable ipv6 for those.
There was a way around it however but not something everyone will be able to do with their home router. I had to ssh to the router using ISP admin credentials leaked on the internet, then create a file in init.d that loads a custom iptables file with the firewall rules I needed for IPv6. NAT for IPv6 however was not supported by the kennel used for my router.