[ndbug] PF question - is it reasonable to block all IPv6 traffic

George Rosamond george at ceetonetechnology.com
Tue Dec 27 07:31:00 PST 2016


Philip Paeps:
> On 2016-12-27 16:22:36 (+0100), Hrishikesh Muruk <hrishim at gmail.com> wrote:
>> On Sat, Dec 24, 2016 at 1:52 PM, Hrishikesh Murukkathampoondi wrote:
>>>>> The machine is a Digital Ocean Droplet with a static IPv4 address
>>>>
>>>> Digital Ocean supports IPv6.  Why don't you use it?
>>>
>>>
>> If I enable IPv6 on the Droplet then I can block all IPv4 traffic? Or would
>> I be missing something useful/important
> 
> Quite a lot of the internet is still legacy-only.  Blocking all legacy IPv4
> traffic is not a great idea yet.

Ha... so true.

I can imagine circumstances in which IPv4 traffic would be blocked, but
really only for internal systems or testing.

OTOH, I *can* imagine more cases in which IPv6 traffic is blocked.

g



More information about the talk mailing list