[FS#1132] Default config exposes ipv4 UDP port 68 to the entire Internet
LEDE Bugs
lede-bugs at lists.infradead.org
Wed Nov 1 06:57:12 PDT 2017
The following task has a new comment added:
FS#1132 - Default config exposes ipv4 UDP port 68 to the entire Internet
User who did this - Peter Backes (rtc)
----------
What you say misses the point entirely.
1) It is not necessary to expose the port to the entire internet. It is a potential security risk. Thus, it should not be done. It's that simple.
2) One should not rely on the ISP to block ports for security. Even if some ISPs block ports today (which has nothing to do with routing), they might not do tomorrow and most don't do it today. LEDE is for everyone, not just for those with port-blocking ISPs, a highly questionalbe practice.
And BTW, the rule passes through *all* UDP packets to port 68, not just those with source port 67.
You have not even given a single example of an actual ISP that actually blocks port 68. Not that things would be different if you had, but you're merely speculating. I don't see why you're basing your argument on mere speculations.
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=1132#comment3735
More information about the lede-bugs
mailing list