Hello, On Tue, Aug 02, 2022 at 12:01:44PM -0400, rhkra...@gmail.com wrote: > I know that IPv6 is a much larger address space so, iiuc, it would be harder > for a "cracker" to find IPv6, but I'd probably want to continue to run behind > NAT, so the idea that I wouldn't even know if my ISP switched to IPv6 does > not > make me comfortable.
Okay, well, just so you know what to expect: It's possible that some providers might do IPv6 NAT as well, but I think the majority would just apply some default and quite restrictive packet filter rules. The place where I'm at just now (which I don't control, so have no access to the router configuration to confirm) seems to allow in IPv6 ping, but isn't passing packets to (TCP) ports 22, 80 or 443. I expect it's denying everything except established/related flows. These would be the default settings as the people here are non-technical and haven't changed anything. If you don't trust the ISP to pick some sensible packet filter rules and you don't want to learn about v6 packet filtering in your router (and/or on each node), then yeah I can see why you might want to disable IPv6. The only real downside to that at the moment is that some content MIGHT be less performant over v4 compared to v6, due to the extra layers of NAT that will increasingly be inflicted upon users of IPv4. It will be many years before there's any intentionally v6-only content that's not a research project or toy or something. I can see why someone who is concerned about their IPv4 packet filter might also be worried about how their ISP may provide IPv6 when the time comes. Though I would still point out that most of the users of the Internet do so in a zero-config fashion so the ISP's choices with regard to IPv4 packet filtering already are trusted by most. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
