Roses are red, violets are blue, everyone is using IPv6, why aren't you? - eviltoast
  • orangeboats@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    5 months ago

    How is this “dropping packets” not applicable to firewalls, then? You are not just going to casually connect to my IPv6 device as we’re speaking. The default-deny firewall in my router does the heavy lifting… just like what NAT did.

    Honestly, it just sounds like you need to brush up on networking knowledge. Repeat after me: NAT is not security.

    • Avatar_of_Self@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      5 months ago

      Are you saying that everyone’s router’s firewall drops all packets from connections that originate from outside of their network?

        • Avatar_of_Self@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          So, really, you were “correcting” me for you and your specific setup at the very beginning because your router’s firewall has a deny rule for all inbound connections because I must have been confusing what a NAT and what a firewall is because I must have been talking about your specific configuration on your specific devices.

          Holy. Fucking. Shit.

          • orangeboats@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            5 months ago

            Oh come on, are you seriously suggesting that default-deny stateful firewall is not the norm??

            Holy. Fucking. Shit. Indeed.

            You keep on suggesting to me that you really have no idea how networking works. (Which is par on course for people thinking NAT == security, but I digress)

            Let me tell you: All. Modern. Routers. include a stateful firewall. If it supports NAT, it must support stateful firewalling. To Linux at least, NAT is just a special kind of firewall rule called masquerade. Disregarding routers, even your computer whether Linux (netfilter) or Windows (Windows Firewall) comes built-in with a stateful firewall.

            • Avatar_of_Self@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              5 months ago

              Having a NAT on a consumer router is indeed the norm. I don’t even see how you could say it is not.

              I never said NAT = security. As a matter of fact, I even said

              It was not designed for security but coincidentally blah blah

              But hey, strawmanning didn’t stop your original comment to me either, so why stop there?

              Let me tell you: All. Modern. Routers. include a stateful firewall.

              I never even implied the opposite.

              To Linux at least, NAT is just a special kind of firewall rule called masquerade.

              Right, because masquerade is NAT…specifically Source NAT.

              I’m just going to go ahead an unsubscribe from this conversation.

              • orangeboats@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                5 months ago

                Were I really strawmanning you? Is “I never even implied the opposite” really true? Quote:

                So, really, you were “correcting” me for you and your specific setup

                Yeah, my “specific setup”… which can be found in virtually all routers today.