That’s not a situation that is going to arise since devices should block all incoming by default. You could need to explicitly poke holes in the Firewall.
Again, it’s a free way to eliminate an attack surface.
It’s a situation that can easily arise… you temporarily disable firewall on device to test something, you install a program that exposed a port and don’t realize it, whatever the case, without a public IP that device isn’t reachable from anywhere except the upstream firewall, which requires explicit NAT/port forwarding rules to allow access. Your devices are isolated by default and must be explicitly routed by policy.
Without NAT/ULA (private ipv6 addresses), your devices are routable by default and must be isolated by explicit policy.
The point is, you don’t need NAT (that’s exclusively ipv4), but you do need private addressing. That’s the point I was responding to.
Without NAT/ULA (private ipv6 addresses), your devices are routable by default and must be isolated by explicit policy.
Yes, that’s where the basic firewall configuration comes in.
I’m running native v6 at home, with no private addressing (Since it was never implemented right in OSs unfortunately), each system has it’s own public IP address, and even an entirely unsecured device is protected since there’s still a firewall between my network and the internet.
That’s not a situation that is going to arise since devices should block all incoming by default. You could need to explicitly poke holes in the Firewall.
Again, it’s a free way to eliminate an attack surface.
It’s a situation that can easily arise… you temporarily disable firewall on device to test something, you install a program that exposed a port and don’t realize it, whatever the case, without a public IP that device isn’t reachable from anywhere except the upstream firewall, which requires explicit NAT/port forwarding rules to allow access. Your devices are isolated by default and must be explicitly routed by policy.
Without NAT/ULA (private ipv6 addresses), your devices are routable by default and must be isolated by explicit policy.
The point is, you don’t need NAT (that’s exclusively ipv4), but you do need private addressing. That’s the point I was responding to.
What’s stopping you from accidentally port forwarding?
For that matter, sometimes ISPs route private addresses even though they aren’t suppose to.
Yes, that’s where the basic firewall configuration comes in.
I’m running native v6 at home, with no private addressing (Since it was never implemented right in OSs unfortunately), each system has it’s own public IP address, and even an entirely unsecured device is protected since there’s still a firewall between my network and the internet.