Comment by fc417fc802

7 hours ago

If you plug your printer into your home network, and if the local DHCP server is configured to hand out globally routable addresses from your ISP provided /64, then your printer will also be globally routable (as well as your "smart" fridge, "smart" TV, "smart" thermostat, etc). In my personal experience this is the default situation with consumer ISP IPv6 setups.

This difference in theory versus practice is precisely why we see people objecting that IPv4 is more secure as far as default configurations go when it comes to home use.

That said, I expect (hope?) that all ISP gear should default to enabling a stateful firewall. Hopefully there's no difference between the default security of an IPv4 and an IPv6 setup in practice. But given the history I'm not entirely optimistic.

Note that DHCPv6 is really uncommon for IPv6, especially on consumer routers - so uncommon that Android doesn't even support it. But your point stands, even more so, with SLAAC.

>This difference in theory versus practice is precisely why we see people objecting that IPv4 is more secure as far as default configurations go when it comes to home use.

I mean, I agree with them. I think people who say 'NAT is not security' are only correct in the absolute most pedantic way and that the way NAT is commonly configured is literally the only reason the internet doesn't consist mostly of botnets.

But I also suspect that if IPv6 were more common, we as a society would be better at it, and not do dumb things like hand out globally routable IPs via DHCP6.

  • The whole premise of IPv6 is that every device should have a globally routable IP. This thread went into DHCP for some reason, but that is uncommon and not recommended for IPv6, where you're supposed to use SLAAC. With SLAAC, I'm not even sure you could realistically disable the ability to get a public IP. And if you did, I'm not sure you could allow a device to access the Internet over IPv6 with a consumer router without it having a publicly routable IPv6.