On Tue, Apr 29, 2014 at 10:52:06AM -0300, Giancarlo Razzolini wrote: | Em 29-04-2014 04:51, Stuart Henderson escreveu: | > Too soon I think. Wait a little longer and more major ISPs will turn | > IPv4 into the second class citizen as they fumble with their cgnat | > deployments then this will make a lot more sense. Now that akamai have | > their /10 taking ARIN into the final /8 run-out position that RIPE and | > APNIC have been in for some time, this will accelerate. | | I disable ipv6 across all my linux desktops installations because some | daemons aren't smart enough to not try it first. Postfix is one that | comes from the top of my mind. Also, I believe firefox will default to | ipv6 then ipv4 if you have it enabled. Too soon I think. I'm hoping for | ipv6 get more traction soon, so we could end using nat on our pf rules.
Disabling IPv6 should not be necessary: it shouldn't be enabled by default, even link-local addresses. Why oh why can I bring up an interface and have attackers probe me over IPv6 on a default OpenBSD install while they cannot do so over IPv4? Why is IPv6 more enabled than IPv4? IPv4 takes configuration before it will work, IPv6 works without it. I believe that's a problem that should be fixed before changing other defaults. If I want IPv6 (static / RS / DHCPv6 / whatever), I should configure my machine with it .. just like with IPv4 (static / DHCP / whatever). Fuck this bullshit. Please note that this is the protocol where many a developer will complain about how it's more complex than IPv4. Paul 'WEiRD' de Weerd PS: I tend to want IPv6 everywhere - I'm just opposing this STUPID default in OpenBSD. -- >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] http://www.weirdnet.nl/