关闭ipv6的防火墙有风险吗？

MyDearst

手里的设备j4125倍控4网口226，tp6086

主要需求是魔法，ddns，反代，qb下载，导航页，等乱七八糟的功能

现在是两种方式可选

一种就是软路由加ap，6086直接调个ap，功能都在软路由里
缺点就是没有硬件加速，折腾时出了问题，整个网全炸


另一种就是tp6086主路由加j4125软路由做旁路由，自己也想用这种方法
目前遇到的问题，tp6086的v6的防火墙只有开和关，不能打开单个端口
关掉v6防火墙之后功能全部正常，能把网页反代出去，打开v6防火墙之后就ping不通地址了，


所以特意来问下，一直打开ipv6防火墙的风险，问题不大的话就直接打开了
或者还有什么其他的解决方式吗

eval

打开吧，几乎没有扫ipv6网段的。 太难扫咯

MyDearst

eval 发表于 2024-9-28 20:12
打开吧，几乎没有扫ipv6网段的。 太难扫咯

好滴，谢谢，那就先打开用着，确实也没什么比较好的解决方法

hayse

ipv6扫还是有人扫的，安全要做好，不要指望别人不去扫你。我路由器里的日志
Sat Sep 28 12:48:49 2024 authpriv.info dropbear[27161]: Child connection from 2607:8500:faca:de::130:33260
Sat Sep 28 12:48:49 2024 authpriv.info dropbear[27161]: Early exit: Failed socket address: Socket not connected
Sat Sep 28 12:48:53 2024 authpriv.info dropbear[27182]: Child connection from 2607:8500:faca:de::130:60464
Sat Sep 28 12:48:53 2024 authpriv.info dropbear[27182]: Early exit: Failed socket address: Socket not connected
Sat Sep 28 12:48:56 2024 authpriv.info dropbear[27198]: Child connection from 2607:8500:faca:de::130:60490
Sat Sep 28 12:48:56 2024 authpriv.info dropbear[27198]: Early exit: Failed socket address: Socket not connected
Sat Sep 28 12:48:56 2024 authpriv.info dropbear[27199]: Child connection from 2607:8500:faca:de::130:60504
Sat Sep 28 12:48:57 2024 authpriv.info dropbear[27199]: Exit before auth from <2607:8500:faca:de::130:60504>: Exited normally
Sat Sep 28 17:01:10 2024 authpriv.info dropbear[7499]: Child connection from 2607:8500:faca:de::117:54658
Sat Sep 28 17:01:10 2024 authpriv.info dropbear[7499]: Early exit: Failed socket address: Socket not connected
Sat Sep 28 17:01:14 2024 authpriv.info dropbear[7520]: Child connection from 2607:8500:faca:de::117:54674
Sat Sep 28 17:01:14 2024 authpriv.info dropbear[7520]: Early exit: Failed socket address: Socket not connected
Sat Sep 28 17:01:15 2024 authpriv.info dropbear[7526]: Child connection from 2607:8500:faca:de::117:56308
Sat Sep 28 17:01:16 2024 authpriv.info dropbear[7526]: Exit before auth from <2607:8500:faca:de::117:56308>: Exited normally
Sat Sep 28 17:01:19 2024 authpriv.info dropbear[7551]: Child connection from 2607:8500:faca:de::117:56318
Sat Sep 28 17:01:19 2024 authpriv.info dropbear[7551]: Early exit: Failed socket address: Socket not connected
Sat Sep 28 17:01:19 2024 authpriv.info dropbear[7552]: Child connection from 2607:8500:faca:de::117:56334
Sat Sep 28 17:01:20 2024 authpriv.info dropbear[7552]: Exit before auth from <2607:8500:faca:de::117:56334>: Exited normally
Sat Sep 28 18:07:09 2024 authpriv.info dropbear[27856]: Child connection from 2607:8500:faca:de:c8bd:4eff:fe38:c723:45650
Sat Sep 28 18:07:09 2024 authpriv.info dropbear[27856]: Early exit: Failed socket address: Socket not connected
Sat Sep 28 18:07:12 2024 authpriv.info dropbear[27877]: Child connection from 2607:8500:faca:de:c8bd:4eff:fe38:c723:45664
Sat Sep 28 18:07:12 2024 authpriv.info dropbear[27877]: Early exit: Failed socket address: Socket not connected
Sat Sep 28 18:07:16 2024 authpriv.info dropbear[27893]: Child connection from 2607:8500:faca:de:c8bd:4eff:fe38:c723:41244
Sat Sep 28 18:07:16 2024 authpriv.info dropbear[27893]: Early exit: Failed socket address: Socket not connected
Sat Sep 28 18:07:20 2024 authpriv.info dropbear[27914]: Child connection from 2607:8500:faca:de:c8bd:4eff:fe38:c723:41260
Sat Sep 28 18:07:20 2024 authpriv.info dropbear[27914]: Exit before auth from <2607:8500:faca:de:c8bd:4eff:fe38:c723:

Sirlion

扫到海枯石烂说不定能扫到你

ipv6可以给每一粒沙子用

Nospel

不用关v6的防火墙，不是绝对必要别去关
防火墙策略里把v6的icmp协议允许通行就能ping通了
既然除了ping以外，其他功能一切正常，怎么不去怀疑一下是不是只有ping在防火墙上不让通过？

DUIM

Nospel 发表于 2024-9-28 23:18
不用关v6的防火墙，不是绝对必要别去关
防火墙策略里把v6的icmp协议允许通行就能ping通了
既然除了ping以外 ...

TP的IPV6不关默认不通

ssl0008

关了v6防火墙相当于家里的每一个设备都dmz到公网，十分哈人，tplink的防火墙只有全开和全关，所以我换了卵路由阻止所有入站除了nas