Hacker News new | ask | show | jobs
by lunar_rover 73 days ago
NAT also solves the dynamic address issue. With GUA I need to deal with both dynamic prefix and randomised suffix that can be changed by seemingly unrelated things when opening ports to the internet.
2 comments
_bernd 73 days ago
That's why server use a static suffix and do slaac to get their prefix. It's really as simple as that.

Regarding firewall policies:

just because most network OS are plain dumb, does not implies that's the fault of IPv6.

A zone based firewall solves that already. And for instance OpenWrt fw4 can make rules for suffixes in a zone too.

link
preisschild 73 days ago
Does your ISP not offer static prefixes?

For 5€/mo additional I get a static /32 v4 (for NAT64) and a /60 v6 prefix.

link