At home I have a dual-stack IPv4/IPv6 broadband connection, and I also have a wireless access point. The access point currently bridges all traffic into my LAN, which is not segmented in any way, so all visitors that use my wireless network have the full run of my LAN.
While I certainly do not doubt my friends' good intentions, I do see the possibility of their smartphones being compromised, and I'd rather not have compromised devices in my private LAN if I can help it. This, and also the fact that being in my private LAN does not gain my friends any benefits, makes me want to set up a separate wireless guest network, which I would then also use with my own smartphone.
I am currently considering opening all ports for incoming IPv6 TCP and UDP traffic for the devices in this separate guest network.
My reason for doing so is vastly improved service reliability. As a practical example, I use the Conversations XMPP chat app that does support sharing e.g. pictures, but this doesn't work very well while both me and the other person are in our respective home LANs, presumably because neither of us has any ports open (IPv6) or forwarded (IPv4) for our smartphones.
Just to verify this hypothesis I opened all IPv6 ports for my smartphone only. And voilà, sharing pictures has been working flawlessly ever since.
The general implications of opening a router's IPv6 firewall have been extensively discussed here, however I think my situation with the guest network for smartphones and other mobile devices is not quite comparable, because:
- Smartphones are designed for being directly connected to the internet any odd way, and therefore should not have problems with open IPv6 ports
- It would only pertain to the totally separated guest network, any device in which would, from the view of a device in my LAN, just be any other device out there in the public internet
Is this sound reasoning, or is there something important I am not seeing?
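
The forwarding policy described in the question, written out as an added example that is not part of the original post. It assumes a Linux router using nftables; the table name and the interface names `wan0`, `lan0` and `guest0` are hypothetical, and the router's own input chain is left out.

```nftables
# Added illustration. Assumed interfaces: wan0 = uplink,
# lan0 = private LAN, guest0 = guest wireless network.
table inet home_fw {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections a zone was allowed to open.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 error messages that IPv6 needs end to end
        # (path MTU discovery, unreachable notifications).
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # Outbound: both zones may open connections to the internet.
        iifname { "lan0", "guest0" } oifname "wan0" accept

        # Guest zone: unsolicited inbound IPv6 TCP and UDP, all ports.
        # IPv4 is unaffected; it stays behind NAT with no forwards.
        iifname "wan0" oifname "guest0" meta nfproto ipv6 \
            meta l4proto { tcp, udp } accept

        # Guest to LAN: handled like any other internet host, so new
        # connections are logged and dropped.
        iifname "guest0" oifname "lan0" \
            log prefix "guest-to-lan drop: " drop

        # Everything else falls through to policy drop, including
        # unsolicited inbound traffic from wan0 to lan0.
    }
}
```

With this rule order the private LAN stays behind a stateful default-deny policy, and the log line on the guest-to-LAN rule records any attempt by a guest device to reach it.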