top | item 31968207

(no title)

spystath | 3 years ago

I know it's been repeated a million times by now, but NAT is not a replacement for a firewall. Most residential routers are deny in by default so you get zero incoming connections from the internet unless you open the relevant ports, exactly as with NAT.

discuss

roamerz|3 years ago

NAT is id10t proof though. It takes a concerted effort to set a static internal IP then NAT traffic to it and then allow that traffic through the firewall. The other advantage is that it obfuscates the internal addresses. IPV6 is is unnecessarily complex for what it solves. How hard would it have been to just add an additional octet? Pretty sure a large number of those that embrace it just love the opportunity to change something for the sake of change or their boss said do it. I’ll be sticking with IP4 as long as I can or until there is an actual benefit to IP6.

Dagger2|3 years ago

Quite hard, actually, since that's mostly what v6 already does and you can see how many things need to change to accommodate it. Most other parts of v6's design are the same as v4, so it's not really very complicated compared to what we've already got.

(Of course v6 adds more than just one octet, since one additional octet wouldn't be enough even for the current size of the Internet, let alone for future growth. It would be really stupid to go through all this effort, only to have to turn around and do it all again immediately afterwards because you forgot to add enough the first time around.)