undefined | Better HN

0 pointslunar_rover2mo ago0 comments

NAT also solves the dynamic address issue. With GUA I need to deal with both dynamic prefix and randomised suffix that can be changed by seemingly unrelated things when opening ports to the internet.

0 comments

2 comments · 2 top-level

_bernd2mo ago

That's why server use a static suffix and do slaac to get their prefix. It's really as simple as that.

Regarding firewall policies:

just because most network OS are plain dumb, does not implies that's the fault of IPv6.

A zone based firewall solves that already. And for instance OpenWrt fw4 can make rules for suffixes in a zone too.

preisschild2mo ago

Does your ISP not offer static prefixes?

For 5€/mo additional I get a static /32 v4 (for NAT64) and a /60 v6 prefix.

j / k navigate · click thread line to collapse