[ta8645]

If ipv6 ever becomes a thing, it'll make blocking all that much harder.

[rnhmjoj]

No, it's really the same thing with just different (and more structured) prefix lengths. In IPv4 you usually block a single /32 address first, then a /24 block, etc. In IPv6 you start with a single /128 address, a single LAN is /64, an entire site is usually /56 (residential) or /48 (company), etc.

[Arnavion]

Note that for the sake of blocking internet clients, there's no point blocking a /128. Just start at /64. Blocking a /128 is basically useless because of SLAAC.

[Avamander]

Some cloud providers only give out /128 so it's fair to start blocking just a /128 at first.

[withinboredom]

Hmmm... that isn't my experience:

/128: single application

/64: single computer

/56: entire building

/48: entire (digital) neighborhood

[rnhmjoj]

A /64 is the smallest network on which you can run SLAAC, so almost all VLANs should use this. /56 and /48 for end users is what RIRs are recommending, in reality the prefixes are longer, because ISPs and hosting providers wants you to pay like IPv6 space is some scarse resource.

[1]: https://www.ripe.net/publications/docs/ripe-690/

[withinboredom]

Everyone at my isp is issued a /56 (and as far as I can tell, the entire country is this way).

[snerbles]

For ipv6 you just start nuking /64s and /48s if they're really rowdy.