I accidentally sent a few HTTP requests to our production site which got my IP address blacklisted. Luckily my laptop was using an IPv6 tunnel so only my laptop and nobody else got blacklisted.
Had I been using IPv4 I would have gotten the office NAT box blacklisted and seven support employees would have been blacklisted from the very system they are responsible for supporting.
I have a secondary Internet connection at home, that uses an extremely dumbed-down CPE — like, you cannot make ANY configuration changes to it.
To connect that network to the rest of my home/homelab network, my choices are either a) set static routes on every device on the network (assuming they even support setting any), or b) inject IPv6 routes into the network using router advertisements.*
#HowIPv6HelpedMeThisWeek (and every week for the last 2-3 years)
While I was away from home for a few days I was able to access data on a machine at home using ssh. Thanks to having IPv6 both at home and in the place I was staying this worked without needing to mess with fragile NAT or port-forwarding setups.
And another #HowIPv6HelpedMeThisWeek (from another week) related to this toot, I have a BIND nameserver in my homelab with 112 views (for shenanigans reasons), and I can't expose that construct to the internet without either #IPv6, or some truly hideous port-based NAT hijinks (which, ugh, no thank you).
(And worse: I actually have two of them now. 😂)
https://mspsocial.net/@jima/114354031715285418
@becomethewaifu@tech.lgbt @jana@social.jsteuernagel.de Plus, if you actually needed to reach something over the tunnel that's stuck IPv4-only, there's always NAT64. 😀 (And here we hint at the only context in which I like DoH: the ability to make one browser use DNS64, but not force the rest of the operating system to also use it.) #HowIPv6HelpedMeThisWeek (but it was a different week)
@becomethewaifu @jana Plus, if you actually needed to reach something over the tunnel that's stuck IPv4-only, there's always NAT64. 😀
(And here we hint at the only context in which I like DoH: the ability to make one browser use DNS64, but not force the rest of the operating system to also use it.)
#HowIPv6HelpedMeThisWeek (but it was a different week)
I'm running some experiments on domain name discovery (mostly in the context of arbitrary third parties scanning for vulnerabilities), and the only way to be sure that the potential threat actor didn't just happen upon the target IP in question through dumb luck is by using an IP address that can't be scanned by brute force, has never been used before, and is not initiating outbound traffic.
A lingering problem I had was my Wireguard tunnel for client devices.
I have multiple times added some subnet and then had to individually add it to the allowed IPs on each device. I didn't want to just preemptively forward the entire 10.0.0.0/8 block, because that would be asking for trouble.
Now it just dawned on me that if I only use IPv6, that problem is gone. Not once did I have to change the v6 prefix, because I can easily leave enough room to grow.
Thanks to IPv6 I can route an IP prefix to my laptop and use it for developing software in Docker containers. The software can use this to connect to a database hosted at a cloud provider which is shared with other developers.
Since there is no NAT I don't have to worry about TCP connections stalling when the NAT times out connections.
For security the database is protected using both an IP whitelist and TLS certificates for both client and server.
kasperd
Jima 
Jana
goetz 🚲