by general1465 66 days ago
So having all devices on public addresses was stupid to begin with on IPv4 and it was arrogantly stupid on IPv6.
2 comments

The fact that we are giving IP addresses a hierarchy is stupid. If you don't want outsiders to connect to your device, use a firewall.
Or use NAT, which is actually a better solution, because a misconfigured NAT won't expose your whole network, while a misconfigured firewall will.
Well, actually it will. In fact, even correctly configured NAT won't stop connections into your network.

On top of that, it lulls you into a false sense of security, so you confidently think it's protecting you even when it isn't. At least not having NAT makes the actual state of your network clearer.

> even correctly configured NAT won't stop connections into your network.

Yeah, that's called port forwarding. It is like complaining that light is coming into your house through windows. Fully intentional.

Port forwarding requires a port forward rule that matches the inbound connection. If there's no such rule... NAT won't stop the connection; it will just ignore it.

If no other aspect of your setup blocks the connection, it'll be successful. If you were deploying NAT because you thought it would function as a firewall then this part is probably not intentional.
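To make the distinction concrete, here is an added example (not code from anyone in this thread) that models a home router's packet path the way netfilter orders it: prerouting DNAT, then the forward chain, then postrouting masquerade, with conntrack reduced to a dictionary. It runs the same four packets through a router that only has NAT rules and through one that also has a stateful forward filter. All addresses, interface names and the 443 port forward are constructed for the illustration; the model is deliberately simplified (no TCP state machine, the masqueraded source port is just the LAN host's port) and is not a faithful copy of the kernel.

```python
"""Simplified model of a router forward path: DNAT, stateful filter, masquerade.

Added example, not from the thread. Addresses are from the documentation
ranges (RFC 5737) and every rule below is constructed for the demonstration.
"""
from dataclasses import dataclass, replace

LAN_NET = "192.168.1."          # constructed internal /24
WAN_IF, LAN_IF = "wan0", "lan0"  # constructed interface names
ROUTER_WAN_IP = "203.0.113.7"   # constructed public address of the router


@dataclass(frozen=True)
class Packet:
    iif: str      # interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int


def is_lan(ip: str) -> bool:
    return ip.startswith(LAN_NET)


class Router:
    def __init__(self, port_forwards=None, stateful_filter=False):
        # port_forwards: {wan_dport: (internal_ip, internal_port)} -> DNAT rules
        self.port_forwards = dict(port_forwards or {})
        # stateful_filter=False models "NAT only, forward chain accepts everything"
        self.stateful_filter = stateful_filter
        # conntrack: (remote_ip, remote_port, nat_port) -> (lan_ip, lan_port)
        self.conntrack = {}

    def handle(self, p: Packet):
        """Return (verdict, final destination) for one packet."""
        established = dnat_applied = False
        # prerouting: first let conntrack un-NAT replies to LAN-originated flows,
        # otherwise apply a DNAT (port forward) rule if one matches.
        if p.iif == WAN_IF and p.dst == ROUTER_WAN_IP:
            key = (p.src, p.sport, p.dport)
            if key in self.conntrack:
                lan_ip, lan_port = self.conntrack[key]
                p = replace(p, dst=lan_ip, dport=lan_port)
                established = True
            elif p.dport in self.port_forwards:
                lan_ip, lan_port = self.port_forwards[p.dport]
                p = replace(p, dst=lan_ip, dport=lan_port)
                dnat_applied = True
        # forward chain: a NAT-only box forwards anything it can route; the
        # stateful variant is "policy drop" plus established/related, dnat and LAN-out.
        if self.stateful_filter and not (established or dnat_applied or p.iif == LAN_IF):
            return ("drop", None)
        # postrouting: masquerade LAN-originated flows and remember them so
        # the reply can be matched and rewritten back to the LAN host.
        if p.iif == LAN_IF and not is_lan(p.dst):
            self.conntrack[(p.dst, p.dport, p.sport)] = (p.src, p.sport)
        return ("forward", f"{p.dst}:{p.dport}")


def demo():
    """Same packets, two routers: verdicts keyed by router kind and scenario."""
    # constructed traffic: an outsider addressing a LAN host directly (as if it
    # had a route to 192.168.1.0/24), the same outsider hitting the forwarded
    # port, a LAN host browsing out, and the server's reply to that flow.
    unsolicited = Packet(WAN_IF, "198.51.100.9", 40000, "192.168.1.10", 445)
    to_forwarded = Packet(WAN_IF, "198.51.100.9", 40001, ROUTER_WAN_IP, 443)
    outbound = Packet(LAN_IF, "192.168.1.10", 51000, "198.51.100.80", 443)
    reply = Packet(WAN_IF, "198.51.100.80", 443, ROUTER_WAN_IP, 51000)
    results = {}
    for name, filtered in (("nat_only", False), ("nat_plus_filter", True)):
        r = Router(port_forwards={443: ("192.168.1.10", 443)}, stateful_filter=filtered)
        results[name] = {
            "unsolicited_to_lan_host": r.handle(unsolicited),
            "port_forward_443": r.handle(to_forwarded),
            "outbound": r.handle(outbound),
            "reply_to_outbound": r.handle(reply),
        }
    return results


if __name__ == "__main__":
    for router, verdicts in demo().items():
        print(router)
        for scenario, verdict in verdicts.items():
            print(f"  {scenario:25s} {verdict}")
```

The only scenario where the two routers differ is the unsolicited packet addressed straight to the internal host: the NAT-only router forwards it, because nothing in a NAT table says "drop", while the stateful router drops it. The port forward, the outbound flow and its reply behave identically on both. In nftables terms the `stateful_filter` branch is a forward chain with `policy drop` that accepts `ct state established,related`, `ct status dnat` and traffic arriving on the LAN interface; the NAT table alone never provides that.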

> So having all devices on public addresses was stupid to begin with on IPv4 and it was arrogantly stupid on IPv6.

"Yeah? Well, you know, that's just like uh, your opinion, man." — The Dude

Publicly addressable ≠ publicly reachable.

When I was with my last ISP which had IPv6, my printer had a public address, but the only people who could reach it were those on my home network.

With this logic, my printer being reachable on google.com, but only from my private network, does not turn my printer into Google.