Comment by Gigachad
17 days ago
It’s the same layer. On router admin panels it’s literally the same UI for firewall rules and nat port forwarding. If you went in to your router admin and allowed all ports on v4 it would be exactly the same as allowing all on v6. The router will happily forward all connections to v4 devices the same.
> If you went in to your router admin and allowed all ports on v4 it would be exactly the same as allowing all on v6. The router will happily forward all connections to v4 devices the same.
Forward to where?
You have to actively say "forward port 80 to 192.168.0.2". Port 80 can't be forwarded to 192.168.0.2 and 192.168.0.3.
Where allowing all traffic means you can talk to 2100:xxx::192.168.0.2 and 2100:xxx::192.168.0.3
Yes, you can't expose multiple computers at the same time on v4, but you certainly can expose one, in exactly the same UI you exposed v6. And then that one you exposed has full access to the local network beyond the firewall to expose the rest.
The argument seems silly almost like "I deliberately shot myself in the foot, but with v4 I could only shoot one foot at a time while v6 lets me shoot both". The answer is to just not shoot yourself in the foot, since you have to make a deliberate effort to do this in the first place, just not doing that is the answer.