Comcast is one of the biggest IPv6 ISPs though?
Comment on Discord lowers free upload limit to 10MB: “Storage management is expensive”
KillingTimeItself@lemmy.dbzer0.com 1 week agoIF ONLY WE COULD USE IPV6 WE WOULDNT BE HAVING THIS PROBLEM
YES FUCK YOU TOO COMCAST.
Strykker@programming.dev 1 week ago
Gonna be real here, I’m in tech, there is no fucking way I’m gonna open my PC to the entire fucking internet. Vulnerabilities are everywhere and no code is perfect. Firewalls and nat help stop so many attacks from the start.
Even if ipv6 is common I will assume most implementations will be nat based.
FrederikNJS@lemm.ee 1 week ago
IPv6 does not require you to open your machine to the Internet, even without making use of a NAT. Sure you get an IP that’s valid on the whole internet, but that doesn’t mean that anyone can send you traffic.
maxwellfire@lemmy.world 1 week ago
You definitely use a firewall, but there’s no need for NAT in almost all cades with ipv6. But even with a firewall, p2p becomes easier even if you still have to do firewall hole punching
KillingTimeItself@lemmy.dbzer0.com 1 week ago
brother, use a firewall. NAT does nothing for this, a single stateful firewall will do more for device security than a NAT existing solely by itself.
A nat doesn’t even do anything other than provide some basic level of device anonymity. If you didn’t have a firewall it would still be accessible, you would just need to either be really good at guessing ports, or sniff for traffic that’s relevant lol.
Strykker@programming.dev 1 week ago
Except the NAT device will stonewall traffic on every port except the ones I open, for my entire network, and then I can just worry about securing the software listening on those few ports, instead of having to worry about the firewalls on every device I own.
KillingTimeItself@lemmy.dbzer0.com 1 week ago
that’s literally what a stateful firewall does.
It only allows corresponding return traffic to outgoing traffic that a device has internally sent outwards.
if you disabled that, it wouldn’t do that. But even a NAT without a stateful firewall might end up doing this depending on how it’s configured and your open ports due to how the forwarding is handled. This is how we get around NATing for P2P traffic, though the trick is to just send two NATed users to the others ip and port at the same time to establish a connection that can “isAlive” from there. If you had no firewall you would only need to know the IP and port to do this.