Re: Verison IPv6 -- I want to stick with IPv4 (was Re: ipv6: static ipv6 address with dynamic network address possible?)
Hello,
On Tue, Aug 02, 2022 at 12:01:44PM -0400, rhkramer@gmail.com wrote:
> I know that IPv6 is a much larger address space so, iiuc, it would be harder
> for a "cracker" to find IPv6, but I'd probably want to continue to run behind
> NAT, so the idea that I wouldn't even know if my ISP switched to IPv6 does not
> make me comfortable.
Okay, well, just so you know what to expect:
It's possible that some providers might do IPv6 NAT as well, but I
think the majority would just apply some default and quite
restrictive packet filter rules.
The place where I'm at just now (which I don't control, so have no
access to the router configuration to confirm) seems to allow in
IPv6 ping, but isn't passing packets to (TCP) ports 22, 80 or 443. I
expect it's denying everything except established/related flows.
These would be the default settings as the people here are
non-technical and haven't changed anything.
If you don't trust the ISP to pick some sensible packet filter rules
and you don't want to learn about v6 packet filtering in your router
(and/or on each node), then yeah I can see why you might want to
disable IPv6.
The only real downside to that at the moment is that some content
MIGHT be less performant over v4 compared to v6, due to the extra
layers of NAT that will increasingly be inflicted upon users of
IPv4.
It will be many years before there's any intentionally v6-only
content that's not a research project or toy or something.
I can see why someone who is concerned about their IPv4 packet
filter might also be worried about how their ISP may provide IPv6
when the time comes. Though I would still point out that most of the
users of the Internet do so in a zero-config fashion so the ISP's
choices with regard to IPv4 packet filtering already are trusted by
most.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Reply to: