On Sat, Mar 03, 2018 at 11:49:35PM +0100, miniupnp wrote: > Le 03.03.2018 à 04:41, Adam Borowski a écrit : > > Obviously, it'd be preferable if the daemon listened on all > > interfaces, but > > if it needs one, the default route is a reasonable answer. > > > You should prefer listening on only "LAN" network interfaces, the ones > which have a RFC 1918 address. > If you have only IPv6, that is a bit more tricky > > UPnP on the internet is a bad idea, no one wants that...
Good point. I haven't seen any other IPv6-enabled home routers (to say that IPv6 adoption among consumer ISPs around here is slow is an understatement), but I see little reason for such a reply to come from a non-fe80::/10 address. Obviously, even the local network is unsafe: public WiFi, regular ethernet with a virus-ridden Windows on it, etc -- but as long as the daemon works right and data is encrypted, damage should be damaged to DoS. Thus yeah, listening by default on interfaces that have a RFC 1918 or fe80::/10 address should work. Current default, 0.0.0.0, doesn't. Meow! -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ A dumb species has no way to open a tuna can. ⢿⡄⠘⠷⠚⠋⠀ A smart species invents a can opener. ⠈⠳⣄⠀⠀⠀⠀ A master species delegates.
