Isn’t that what tburkhol addressed in their first paragraph? Or are you suggesting further steps than just putting those devices behind NAT? I am not at all trying to be snarky, I actually want to know more about this.
You don’t need to use nat on ipv6. Most routers are based on Linux and there you have conntrack.
With that you can configure by default outgoing only connections just like nat and poke holes in the firewall for the ports you want specifically.
Also windows and I think Linux use ipv6 privacy extensions by default. That means that while you can assign a fixed address and run services, it will assign random ip addresses within your (usually) /64 allocation for outgoing connections. So people can’t identify you and try to connect back to your ip with a port scanner etc.
All the benefits of nat with none of the drawbacks.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
Isn’t that what tburkhol addressed in their first paragraph? Or are you suggesting further steps than just putting those devices behind NAT? I am not at all trying to be snarky, I actually want to know more about this.
You don’t need to use nat on ipv6. Most routers are based on Linux and there you have conntrack.
With that you can configure by default outgoing only connections just like nat and poke holes in the firewall for the ports you want specifically.
Also windows and I think Linux use ipv6 privacy extensions by default. That means that while you can assign a fixed address and run services, it will assign random ip addresses within your (usually) /64 allocation for outgoing connections. So people can’t identify you and try to connect back to your ip with a port scanner etc.
All the benefits of nat with none of the drawbacks.