On 07/07/2024 16:13, Ralph Seichter via Postfix-users wrote: > * Allen Coates via Postfix-users: > >> I have just been perusing my firewall logs, and notice I have had >> several "hits" using the documentation prefix (2001:db8::/32) as the >> source address. [...] >> >> I have also had some hits (on my website) from Teredo addresses. I >> am allowing these, because (arguably) we are still transitioning to >> IPv6. > "Still transitioning", are we? ;-) RFC 3849 is 20 years (!) old, almost > to the day, and https://www.rfc-editor.org/rfc/rfc3849.html#section-3 is > pretty clear: > > This assignment implies that IPv6 network operators should add this > address prefix to the list of non-routeable IPv6 address space, and > if packet filters are deployed, then this address prefix should be > added to packet filters. > > Anybody using 2001:db8::/32 to connect over the internet is simply doing > it wrong, and I don't think that attempts at enabling their erroneous > efforts is helpful. > > -Ralph
I am blocking 2001:db8::/32 (of course); it's the Teredo prefix which I am allowing. Having been retired for 15 years, and only running a personal (domestic) server, it is difficult to judge how commonplace these transition protocols still are. Allen C > _______________________________________________ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
