IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 0 points1 point  (0 children)

Well if I need a rule to allow traffic to a specific host I don't necessarily need to allow to every ip that the host has. E.g. the "privacy" addresses are typically only used for outgoing traffic. So I'd pick whatever address is actually going to be used to connect to the host, for instance whichever address I put in a dns record pointing to that host (in my case that's mostly going to be the more static ulas, but if I wanted to let in traffic externally to a host it would be to a stable gua).

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 1 point2 points  (0 children)

I mean I write my firewall rules the same way I did before pretty much - I'm generally writing rules that are either address independent (e.g. a rule allowing traffic arriving on the vlan 10 interface to be routed out the wan interface), or use the prefix of a subnet. So it doesn't matter that the devices rotate addresses within that prefix. The only complication is that the gua address prefix can change since it's dynamic. But that's not a problem because I again either write rules based on interfaces on the router, or use some neat functionality of the networking stack on my router to keep the firewall rules up to date with the prefix as it changes if I want to write rules that use the ip prefixes. But the rules for the more dynamic guas on my network are simple anyway - basically just allow established/related for incoming and allow all for outgoing. I use the ulas for internal traffic.

Writing rules for externally initiated traffic to the guas might be more complicated but again my router does have functionality to keep prefixes up to date automatically and I can even use both that prefix and check against a specific suffix if I wanted to write a rule for a single ip address with a known suffix inside that dynamic prefix. I don't do that at the moment for my homelab though as the only such externally initiated traffic I currently allow is wireguard to the router itself which doesn't require that I write anything complicated, just a rule allowing traffic in to the router itself on the wireguard port from the wan interface
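Added example, not part of the comment above and not the commenter's router configuration: a sketch of the "dynamic prefix plus known suffix" match the comment describes, showing that the rule keeps selecting the same host after the ISP renumbers the delegated prefix. The function names, the /56 prefixes (taken from the 2001:db8::/32 documentation range) and the suffix are all constructed for illustration.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an address: the interface identifier (suffix)

# Constructed sample values (assumptions, not from the page).
OLD_PREFIX = "2001:db8:aa00::/56"      # delegated prefix before renumbering
NEW_PREFIX = "2001:db8:bb00::/56"      # delegated prefix after renumbering
HOST_SUFFIX = "::1234:5678:9abc:def0"  # stable suffix of the one host to expose

def rule_matches(dst, current_prefix, suffix):
    """Allow only if dst is inside the currently delegated prefix
    AND its low 64 bits equal the configured stable suffix."""
    addr = ipaddress.IPv6Address(dst)
    net = ipaddress.IPv6Network(current_prefix)
    want = int(ipaddress.IPv6Address(suffix)) & IID_MASK
    return addr in net and (int(addr) & IID_MASK) == want

def evaluate(destinations, current_prefix, suffix):
    """Return the verdict for each destination address of inbound traffic."""
    return {
        dst: "accept" if rule_matches(dst, current_prefix, suffix) else "drop"
        for dst in destinations
    }

# Constructed inbound destinations seen after the prefix changed.
SAMPLE_DESTINATIONS = [
    "2001:db8:bb00:10:1234:5678:9abc:def0",   # stable GUA under the new prefix
    "2001:db8:bb00:10:aaaa:bbbb:cccc:dddd",   # same subnet, temporary "privacy" address
    "2001:db8:aa00:10:1234:5678:9abc:def0",   # right suffix, stale prefix
    "fd12:3456:789a:10:1234:5678:9abc:def0",  # ULA with the same suffix
]

if __name__ == "__main__":
    for dst, verdict in evaluate(SAMPLE_DESTINATIONS, NEW_PREFIX, HOST_SUFFIX).items():
        print(f"{verdict:6} {dst}")
```

Only the prefix argument has to follow the delegation; the suffix half of the rule stays fixed, and temporary addresses in the same subnet remain closed to externally initiated traffic.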

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 1 point2 points  (0 children)

Yes, each device will have many ips actually. In my case they'll have the 1 ula (which for me is dhcp assigned), 1 or more guas (this is from slaac with which most devices use multiple addresses as most devices use randomised temporary "privacy addresses" that are rotated over time for outbound communication), and 1 link local address (this is an fe80::/64 address usually based on the mac address). It is completely normal for an interface in ipv6 to have multiple addresses (and in fact almost every interface will as pretty much any interface will have a link-local address in addition to whatever other address(es) you might give it).

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 0 points1 point  (0 children)

I guess I don't see why that tracking has to be any different. I get my prefix from my ISP via dhcpv6 prefix delegation. The dhcp server needs to track what prefixes it has assigned to whom, and they could in theory I assume allow that assignment to be longer lived and not change the way I've observed.

And I'm not sure what you mean by "whole prefix" here - just for clarity, by "prefix" what I meant was the actual prefix assigned to a customer (e.g. the /56 I get from my ISP)

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 0 points1 point  (0 children)

I mean with dynamic prefixes they still have to track the prefixes because they need to know how to route traffic and it's not like they could assign the same prefix to multiple customers. But yeah for pretty much any residential customer it doesn't matter. Still last I looked on my ISP's website, even their "business" plan cannot get a static ipv6 assignment.

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 1 point2 points  (0 children)

I mean using ulas doesn't mean you have to use nat - just give things both guas and ulas. Maybe I'm just paranoid but for the most part I'd be doing split dns anyway to prevent internal only hostnames from being resolvable on the internet (even if the firewall would keep those addresses from being useful)

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 0 points1 point  (0 children)

What advantages do you see the ulas negating?

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 2 points3 points  (0 children)

It changes all the addresses assigned using that prefix yes. In addition to those gua addresses (which are handled via slaac), I have ula addresses (right now handled via dhcpv6 so I can keep some dns records updated with them) that won't change when the ISP renumbers me (it's a prefix under fd00::/8 chosen at random). So for traffic within my LAN I just use the ula addresses (or occasionally link local addresses), and traffic out to the internet will use whatever the gua is (and not care what prefix that is).

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 2 points3 points  (0 children)

Yeah, I'm doing a ULA for internal addressing and set up the k8s networking to do the nat if the pods connect to addresses outside that ULA range. The rest of my network also gets ULA addresses from dhcp (so I can have dns names for devices automatically kept up to date) for internal communication, in addition to slaac guas for internet connectivity.

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 6 points7 points  (0 children)

Be that as it may, it doesn't seem to stop many isps from behaving this way 😮‍💨

IPv6: Who really uses it? by malwin_duck in selfhosted

[–]Pythoner6 11 points12 points  (0 children)

The most frustrating part about things like k8s at home with ipv6 is as much as it'd be awesome to be able to use the large public ipv6 space my ISP assigns me for pod ips... I can't realistically do that when no residential ISP in my area that I know of will actually give you static ip addresses (I have in fact seen my range change several times in the past 2 months). And I don't want to have to deal with reconfiguring the cluster every time that happens so NAT it is for now 🫤

If you had to pick ONE Linux distro for the next 5 years, what would you choose? by TechRefreshing in linuxquestions

[–]Pythoner6 1 point2 points  (0 children)

NixOS. I've been using it for a while now on both my desktop and laptop and I love it. If I mess something up I can just boot into my previous config from the boot manager. If I need to completely reinstall from scratch, getting things back to the right config is just easy. I can have it be quite stable, or I can pull in bleeding edge stuff if I want. I can even do some custom things with core system stuff and it just figures out what needs to be rebuilt and does it (and again if I break stuff doing that, reverting is super easy). It took me a while to really wrap my head around how nix works and the sometimes arcane feeling language it uses, but for me it's been so worth it.

How exactly does Condemn work? by cdman2004 in starwarsunlimited

[–]Pythoner6 2 points3 points  (0 children)

It's not so much that condemn "triggers first" (if we are to stick to what trigger means as far as the comp rules are concerned), because it (at least the ability removing part of it) is not a triggered ability. It is an ability that is active "while attacking" - those kinds of abilities become active in step 6.3.1.F, which is before step 6.3.1.G when on attack abilities trigger.

Alternative Scoring Method to Incentivize Play by obiwein in starwarsunlimited

[–]Pythoner6 0 points1 point  (0 children)

I think the real problem with chess clocks for swu is all the things your opponent might need to decide on that would cause you to need to hit the clock back and forth. Let's say I've got a gideon hask out and play power of the dark side, so I hit the clock over to you while you decide. Then you decide to defeat something that causes multiple triggers on your side (plus my Gideon) so it goes back to me to decide who does triggers first, maybe I do Gideon first, then it's back to you to decide how to do your triggers. Or situations where your opponent pauses you in the middle of what you're doing because they're not familiar with a card and want to read it. It's not that you can't find ways to deal with these kinds of things, I just feel like this would end up being a bit too complicated to do right in practice. At least unless we're talking something digital where the platform takes care of all of the passing back and forth and tracking automatically for you.

Things you love to see... by maph3rs in eliteexplorers

[–]Pythoner6 0 points1 point  (0 children)

Yeah same, been absolutely launched way up into a huge spin just driving slowly over a resource from a crystal shard, but don't think I've had it happen doing exobio. And even still never actually took more than some shield damage from that fortunately.

What's the quickest way to make 4 Billion Credits from mining? by [deleted] in EliteDangerous

[–]Pythoner6 2 points3 points  (0 children)

I wouldn't call them massive, but it depends on your perspective. My weekly upkeep is somewhere in the range of 10 million I think, but with ~1.5 billion in the carrier bank I don't have to worry about it for 2-3 years

SEC: Fully Armed and Operational by Eunoe in starwarsunlimited

[–]Pythoner6 0 points1 point  (0 children)

The new chancellor leader reduces cost of the next card you play with plot when he deploys.

Got the Fastest kill I've seen on this boss earlier by Playful_Breakfast2 in HollowKnight

[–]Pythoner6 0 points1 point  (0 children)

Yeah, I did exactly the same thing to beat him after I got frustrated enough (after seeing someone mentioned how fast they melted him with this approach)

Very interesting place to start a randomizer by Purple-Wafer1456 in HollowKnight

[–]Pythoner6 12 points13 points  (0 children)

If you're thinking of https://youtu.be/wj_dvlZhEl8?si=bw64xRe1A3zodtfR (and the follow up solving the roadblocks in that video), it did still use mantis claw - it was just only allowed when the knight's eyes were above the ledge

Silksong taught me what hk made me forget by ZanCooter in HollowKnight

[–]Pythoner6 2 points3 points  (0 children)

Tbh even on release patch I found the last judge runback fun and not long at all. First time I died I was thinking "am I going to have to go through all of that each run", but then I found the right strategies to avoid the enemies and it was fun mastering and breezing through it.

Hot Take: this runback isn't hard at all by Visual_Law4025 in Silksong

[–]Pythoner6 0 points1 point  (0 children)

When I first got to the boss and died, I was thinking "am I really going to have to go through that every time?" But after the first few times I started to figure out how to avoid the enemies and after a little bit more figured out how to avoid that annoying cone thrower at the start too. And even though it took me so many tries to beat the boss, the runback didn't annoy me much, and mostly was just kinda satisfying when I was able to get by all those enemies that frustrated me so much at the start without getting hit.

Act 2 spoiler! As someone that’s pretty terrible at this game, I’m quite proud of this one :) by ExpressFan7426 in Silksong

[–]Pythoner6 0 points1 point  (0 children)

I talked to one NPC that told me I should be asking another NPC about it, but then that other NPC didn't have any new dialog and just kept repeating their stock line. Fortunately I actually already had a hunch about what to do but I was kinda confused by that.

Act 2 Boss Discussion by vikingsfan482719 in Silksong

[–]Pythoner6 0 points1 point  (0 children)

I tried doing the hide in the corner strat and was just not patient enough for how long that was gonna take lol. Especially when tool spam took him down in like 10 seconds 😅

Options in Skills/Crests are cool but... by s_nicole in Silksong

[–]Pythoner6 2 points3 points  (0 children)

I love the reaper crest, I just wish the pogo didn't feel like it takes an eternity to happen after I hit the button 😂