Moin, On Mon, 2023-10-23 at 20:52 +0300, Mikhail wrote: > I think ipv6 just expand attack surface for the services for very > little benefit, ...
Well,... there is a ton of reasons one may not want to deploy v6; I disagree, but well, my boxes are dual-stack through-and-through; My network, my rules, your network your rules, and the rest comes to opinions*. But could we please stop with the "IPv6 is a security risk"-thing? Yes, it is if you do not conf your systems properly (e.g., only v4 firewalling and binding $backend globally). Then again, so is OpenSSH if you think allowing root logins with a password and setting the root password to "root" is a good thing to do. But honestly, then you have a whole bunch of different issues. OpenBSD has an awesome v6 stack; I have several prod boxes on v6 only, and it just works (granted, installed via an in-AS mirror, so never hit the mirror list thing). With best regards, Tobias *And on opinions: What should motivate _everyone_ to get on v6 ASAP is that it would end the business model of some rather annoying IPv4 address traders (I acknowledge there are also not-annoying ones who would be affected, but that is a sacrifice i am willing to make. ;-)).
