Why should I? I have a /64 network at home. Do you want to scan 2^64 IPs (18,446,744,073,709,551,616) to get the IP currently used by the laptop which is changed via the IPv6 privacy extension? The only machine having a fixed public IPv6 address, is the IPv6 Gateway. And this one has ip6tables :-) Mit freundlichen Grüßen Lukas Th. Hey Kommunales Rechenzentrum Minden-Ravensberg / Lippe Tel.: 05261 / 252-363 E-Mail: l.hey@krz.de http://www.krz.de Immer up to date sein? update newsletter hier abonnieren! Besuchen Sie den krz- Adventskalender Bitte prüfen, ob diese Mail wirklich ausgedruckt werden muss! -----Ursprüngliche Nachricht----- Von: envygeeks@gmail.com [mailto:envygeeks@gmail.com] Im Auftrag von Jordon Bedwell Gesendet: Montag, 9. Dezember 2013 09:25 An: Hey, Lukas (KRZ) Cc: Debian Betreff: Re: End-user laptop firewall available? On Mon, Dec 9, 2013 at 2:12 AM, Hey, Lukas (KRZ) <L.Hey@krz.de> wrote: > C'mon guys, > > you spend way too much time discussing packet filtering rules and programs for a machine which is hooked up via modem. Of course you can avoid things that "might happen" when dialed up or connected to some public wifi. > > From my point of view: Leave it as it is! I'm far beyond the point where I "need" some bleeding edge Gentoo system on my laptop which is protected by some 80 line iptables setup. Nowadays I have Lubuntu w/o any packet filtering. And there is some public IPv6 in my private network. > > You should rather worry if the announced gateway at the public library > is the real one ;) You use Lubuntu which means you should have UFW installed by default which has those "80 lines" of protection are built-in and is even designed for the average home network. And if you don't use that, I call that ignorant but mostly lazy security because it doesn't take a lot of work to type: "sudo ufw enable && sudo ufw default deny" and "sudo ufw allow <port>" unless you want to start to constrain it by tcp/udp and interface and even then it's not that complicated to type: "sudo ufw allow in on eth0 to any from any port <port> proto <proto>". What it does it mean when you don't even use the tools given to you that are easy?
Attachment:
smime.p7s
Description: S/MIME cryptographic signature