They need to stop that nonsense. NAT is not for security, and was not designed for security purposes. In fact, there are a few ways it subverts security, such as SNI in TLS making the connection less private than it could be.
If they want to block external connections, a border firewall can do the job just fine without NAT. It’s arguably better, because it doesn’t have to take NAT into account for any of its rules.
abhibeckert@lemmy.world 9 months ago
Those admins don’t know what they’re talking about. IPv6 has a region of the address space that can only be reached locally - similar to the 192.168.x.x space in IPv4.
Fungah@lemmy.world 9 months ago
Honestly my biggest issue with ipv6, aside from not understanding it, which I don’t, at all, I’ve realized while setting up my own opnsense firewall, is that they decided on FUVKING COLONS. AND LETTERS. Okay, cool, hexadecimal exists, that’s swell, but typing them is such a fucking pain in the ass.
There’s no way to put your fingers on a keyboard to make it feel natural.
frezik@midwest.social 9 months ago
Nothing the mechanical keyboard community can’t solve.
ipv6buddy.com
nightwatch_admin@feddit.nl 9 months ago
While I agree that it is godawful to type and worse to read, let alone remember, you wouldn’t want these addresses in full decimal notation…