[ndbug] PF question - is it reasonable to block all IPv6 traffic
George Rosamond
george at ceetonetechnology.com
Tue Dec 27 07:31:00 PST 2016
Philip Paeps:
> On 2016-12-27 16:22:36 (+0100), Hrishikesh Muruk <hrishim at gmail.com> wrote:
>> On Sat, Dec 24, 2016 at 1:52 PM, Hrishikesh Murukkathampoondi wrote:
>>>>> The machine is a Digital Ocean Droplet with a static IPv4 address
>>>>
>>>> Digital Ocean supports IPv6. Why don't you use it?
>>>
>>>
>> If I enable IPv6 on the Droplet then I can block all IPv4 traffic? Or would
>> I be missing something useful/important
>
> Quite a lot of the internet is still legacy-only. Blocking all legacy IPv4
> traffic is not a great idea yet.
Ha... so true.
I can imagine circumstances in which IPv4 traffic would be blocked, but
really only for internal systems or testing.
OTOH, I *can* imagine more cases in which IPv6 traffic is blocked.
g
More information about the talk
mailing list