On Mon, Feb 19, 2024 at 11:16 AM William Herrin <bill@herrin.us> wrote:
There isn't really an advantage to using v4 NAT. I disagree with that one. Limiting discussion to the original security context (rather than the wider world of how useful IPv6 is without IPv4), IPv6 is typically delivered to "most people" without border security, while IPv4 is delivered with a stateful NAT firewall.
Maybe this is the disconnect. Who delivers v6 without a firewall? I've done a lot of T-Mobile and Comcast business connections lately, and those certainly both provide a firewall on v4 and v6. I'll admit I'm not currently well-versed in other providers (except ones that don't provide v6 at all...). It is possible to order Comcast without a firewall for v6, in which case you receive a public v4 address without protection too. What common scenario leads to your average person being unprotected on the v6 Internet?