Allowing IPv6 listen address through ip6tables

Hi! Happy user here–thanks for creating such a great product!

I’ve noticed in our firewall logs Syncthing clients trying to connect to our LAN over IPv6 when they’re on remote WLANs.

I’m happy about this because it shows IPv6 is working, though we presently have ip6tables set to block those direct connections.

I’d like to change this (i.e., allow destination listening port packets through IPv6) but am concerned that will also permit all manner of port fuzzing, etc… I’m wondering how robust Syncthing is against those sorts of probes and attacks.

Thanks!

Sam

Network scanning isn’t really a thing in the IPv6 world. The address space is just too huge for that. Scanning a single known host would only tell the attacker that you’re running Syncthing.

tl;dr: you’re fine

Thank you @bt90

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.