On 22 Mar 2024 17:26 +0500, from avbe...@gmail.com (Alexander V. Makartsev):
> This is because of how IPv4 network address translation (NAT) works, to
> allow multiple LAN hosts to connect to Internet with single IP address
> assigned by Internet Service Provider (ISP).

A NAT router might also implement firewalling functionality, but _NAT
is not a firewall_. Dropping traffic because it is prohibited (or
because it's not allowed) is _not_ the same thing as dropping traffic
because the device doesn't know what to do with it.

> Now, I don't want to scaremonger and feed anyone's paranoia, but for the
> sake of completion, there are known cases in history when router/firewall
> had vulnerabilities, or firmware flaws, or configuration negligence, that
> allowed perpetrators to 'hack' them, as in gain full access and control over
> their firmware and gain network access to LAN hosts.
> These cases are extremely rare nowadays and very hard to pull off
> successfully, especially if the device owner keeps firmware up-to-date and
> configuration tidy.

Sure, firewalls can have bugs (which may or may not affect security).
But so can software running on a PC. The solution is much the same:
use supported software, and install updates promptly. For a firewall,
get one where the vendor offers, or can at least be expected to offer,
upgrades for a significant amount of time.

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
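
The distinction drawn in the message above, as an added example that is not part of the original post: a simplified Python model of a router's WAN-side handling, comparing a NAT-only device with one that also applies a default-deny forwarding policy. The `Router` class, its mapping check and all addresses are assumptions constructed for illustration, not any real product's behaviour.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses (documentation and private ranges).
WAN_IP = ipaddress.ip_address("203.0.113.10")
LAN = ipaddress.ip_network("192.168.1.0/24")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Router:
    """Hypothetical, simplified model of one router's WAN-side handling."""

    def __init__(self, filter_forward: bool):
        self.filter_forward = filter_forward  # True: explicit default-deny on forwarding
        self.nat = {}  # WAN port -> (LAN host, LAN port, remote host, remote port)

    def outbound(self, pkt: Packet, wan_port: int) -> None:
        # A LAN host opens a connection; the router records the translation.
        self.nat[wan_port] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> str:
        dst = ipaddress.ip_address(pkt.dst)
        if dst == WAN_IP:
            m = self.nat.get(pkt.dport)
            if m and (m[2], m[3]) == (pkt.src, pkt.sport):
                return f"forwarded to {m[0]}:{m[1]} (reply to tracked connection)"
            # Not a decision: the translator simply has no entry for this packet.
            return "dropped: no NAT mapping"
        if dst in LAN:
            if self.filter_forward:
                # A decision: policy says inbound forwarding is not allowed.
                return "dropped: prohibited by filter policy"
            return f"forwarded to {pkt.dst}:{pkt.dport} (routed; nothing forbids it)"
        return "dropped: not for this network"

def compare(pkt: Packet) -> dict:
    """Run one inbound packet through a NAT-only router and a filtering one."""
    out = {}
    for name, filtering in (("nat_only", False), ("nat_plus_filter", True)):
        r = Router(filter_forward=filtering)
        r.outbound(Packet("192.168.1.20", 40000, "198.51.100.5", 443), wan_port=50000)
        out[name] = r.inbound(pkt)
    return out
```

Both routers give the same answer for a tracked reply and for an unsolicited packet to the WAN address; they differ only for a packet whose destination is already a LAN address, which is the case an explicit filter policy exists to cover.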