Comment by kijin

18 days ago

Find me a consumer IPv4 router sold in the last ~10 years that does that by default.

Security comparisons should be between proposed new tech vs. existing tech, not vs. hypothetical straw-man tech.

Find me a consumer IPv6 router sold in the last ~10 years without a restrictive firewall enabled by default. I have never seen one.

  • Ugh, this is part of the reason why I left them, but https://free.fr still does this AFAIR. They were deploying IPv6 to all their consumers well before the other ISPs (more than 15 years ago), but they have stagnated since.

    IPv6 firewall disabled by default. There is only one config for the firewall: on / off. Accept all inbound or reject all inbound.

    To think that they used to brand themselves as "for the geeks", with reverse DNS customization, built-in user-configurable server on the router (all of their routers offer a Wireguard VPN, torrent client, audio output with DLNA & others), an m3u for IPTV, etc. I wouldn't advise anyone to use them due to this issue.

    This ticket said they would reopen an internal ticket, back in 2022: https://dev.freebox.fr/bugs/task/27613

    Their basic firewall dates back to 2019: https://dev.freebox.fr/bugs/task/27268 (a lot of spam in the replies there). There was none before, and it is still off by default.

    This is no small ISP either; they have more than 50 million clients (including mobile), and are in the top 10 ISPs in Europe. Baffling.

  • Mine lol. My ISP sent a Nokia Beacon 3.1. When I first logged into its web GUI, it had a "Security" tab with these dropdowns.

    Security level

    High: Traffic denied inbound and minimally permit common service outbound.

    Low: All outbound traffic and pinhole-defined inbound traffic is allowed.

    Off: All inbound and outbound traffic is allowed.

    It was actually set to "Off" interestingly enough.

    • That's not the same thing: does it actually forward martian packets? Because that's what's required for this to be exploited.

A consumer IPv4 router has both a firewall and NAT enabled by default, and such a packet is blocked by its firewall functionality.