Nope. link-local address are just a subset of LAN IPs and are not routable, therefore a device which hosts any valuable web service (like a router) is guaranteed to have at least another IP which is not link-local and can be used to identify the device as either LAN or WAN.Ralf wrote:Doesn't this circumvent parts of the protection? I don't know which IPs, for example, (home) routers use for their LAN configuration interface.However, since it seems this is gonna be quite common at least during the switch to IPv6 of hosting providers, and since web servers are very unlikely to be legitimately hosted on link-local IPs inside LANs, I'm gonna work-around for good by considering IPv6 link-local addresses (fe80:/10) as external for the purpose of cross-zone checks.
Done in latest development build 2.4.2rc7 and stable 2.4.2.
