The router does have a firewall but it blocks everything inbound by default. Some routers (at least mine) do not offer the granularity to filter traffic for certain devices (no NAT either). It’s either allow all in or nothing.
When you enable IPv6 and switch off the firewall (since you can’t host anything otherwise), every device becomes exposed to the internet.
Then unless the devices have a firewall themselves, all is exposed. Not just the web services, ssh and the rest as well.
There was a way around it however but not something everyone will be able to do with their home router. I had to ssh to the router using ISP admin credentials leaked on the internet, then create a file in init.d that loads a custom iptables file with the firewall rules I needed for IPv6. NAT for IPv6 however was not supported by the kennel used for my router.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
The router does have a firewall but it blocks everything inbound by default. Some routers (at least mine) do not offer the granularity to filter traffic for certain devices (no NAT either). It’s either allow all in or nothing.
When you enable IPv6 and switch off the firewall (since you can’t host anything otherwise), every device becomes exposed to the internet.
Then unless the devices have a firewall themselves, all is exposed. Not just the web services, ssh and the rest as well.
There was a way around it however but not something everyone will be able to do with their home router. I had to ssh to the router using ISP admin credentials leaked on the internet, then create a file in init.d that loads a custom iptables file with the firewall rules I needed for IPv6. NAT for IPv6 however was not supported by the kennel used for my router.