
You can have IPv6 firewalls emulate the behavior of NAT so it blocks unsolicited inbound traffic while allowing outbound traffic. If you get a /48 from your ISP you could rotate to a new IP address every second for the rest of your life.


> You can have IPv6 firewalls emulate the behavior of NAT so it blocks unsolicited inbound traffic while allowing outbound traffic.

Are there any (consumer?) firewalls that do not do this? I know Asus do this (and have for years).

AIUI most 'enterprise' firewalls have a default deny shipped from the factory and you have to actively allow stuff.


Right, but if you’re messing around as a naive learner it’s easy to accidentally disable that or completely open up an IP or range due to a bad rule. It’s a lot harder to accidentally enable port forwarding on a NAT.


> It’s a lot harder to accidentally enable port forwarding on a NAT.

It's probably less than three clicks on most home router web UIs.


But you have to specify not only the exposed port but also the destination address and port which is not easy to do accidentally.

edit: typo


Very hard to make all those clicks accidentally. But anyway I’m talking about pf/iptables rules, not web UIs.
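
Added example (not written by any commenter in this thread): a small Python audit of `ip6tables-save` output that checks the forwarding rules keep the NAT-like property discussed above, and flags the kind of overly broad ACCEPT rule that is easy to add by mistake. The interface names `eth0` (WAN) and `br0` (LAN), the `2001:db8:1::/48` documentation prefix and the sample ruleset are constructed assumptions; the check is a heuristic that ignores interface wildcards and user-defined chains.

```python
import shlex

WAN = "eth0"  # assumption: name of the ISP-facing interface

# Constructed ip6tables-save excerpt: a NAT-like baseline plus one bad rule.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -d 2001:db8:1::/48 -j ACCEPT
COMMIT
"""

def opt(tokens, name):
    """Return (value, negated) for an option, or (None, False) if absent."""
    if name not in tokens:
        return None, False
    i = tokens.index(name)
    return tokens[i + 1], i > 0 and tokens[i - 1] == "!"

def admits_unsolicited(tokens, wan=WAN):
    """True if an ACCEPT rule can match a NEW connection arriving on the WAN."""
    states, neg = opt(tokens, "--ctstate")
    if states is None:
        states, neg = opt(tokens, "--state")
    if states is not None and not neg and "NEW" not in states.split(","):
        return False  # matches only packets of already-tracked flows
    iface, neg = opt(tokens, "-i")
    if iface is not None and (iface == wan) == neg:
        return False  # input-interface match excludes WAN ingress
    return True

def audit(ruleset, wan=WAN):
    """List findings where forwarded traffic is not default-deny from the WAN."""
    findings = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if line.startswith(":FORWARD ") and tokens[1] != "DROP":
            findings.append("FORWARD policy is %s, not DROP" % tokens[1])
        elif tokens[:2] == ["-A", "FORWARD"] and opt(tokens, "-j")[0] == "ACCEPT":
            if admits_unsolicited(tokens, wan):
                findings.append("unsolicited inbound allowed: " + line)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only the third FORWARD rule is reported: it accepts any new connection to the whole /48, which removes the default-deny behaviour for every host behind the router.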



