Security concerns in IPv6
IPv6 is the big brother of IPv4 and became an internet standard on July 14th, 2017.
While IPv6 is ahead of its predecessor, it brings a number of security concerns. You should be aware of these even if you are not currently using IPv6 in your systems.
Iptables or ip6tables?
Iptables is the de facto firewall on Linux, but it only handles IPv4 traffic. To deny IPv6 connections, you need to configure ip6tables too.
Services like Uncomplicated Firewall (UFW) automatically mirror rules to ip6tables if the rule allows it.
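One way to check for the gap described above, as an added example that is not part of the original article: the script compares the effective default of the INPUT and FORWARD chains in `iptables -S` and `ip6tables -S` output and reports chains where IPv4 denies by default but IPv6 does not. The rule listings and the function names `chain_default` and `v6_gaps` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `iptables -S` output from a host with default-deny IPv4.
V4_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
# Constructed sample: `ip6tables -S` output from the same host, never configured.
V6_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# chain_default RULES CHAIN -> prints "deny" or "allow".
# A chain denies by default if its policy is DROP, or if it contains an
# unconditional "-A CHAIN -j DROP|REJECT" rule (common in hand-written rulesets).
chain_default() {
    printf '%s\n' "$1" | awk -v c="$2" '
        $1 == "-P" && $2 == c && $3 == "DROP" { deny = 1 }
        $1 == "-A" && $2 == c && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { deny = 1 }
        END { print (deny ? "deny" : "allow") }'
}

# v6_gaps V4_RULES V6_RULES -> one line per chain where IPv6 is left open
# although the IPv4 ruleset denies by default.
v6_gaps() {
    for chain in INPUT FORWARD; do
        v4=$(chain_default "$1" "$chain")
        v6=$(chain_default "$2" "$chain")
        if [ "$v4" = deny ] && [ "$v6" = allow ]; then
            echo "$chain: IPv4 default is deny but IPv6 default is allow"
        fi
    done
}

# On a live host (as root): v6_gaps "$(iptables -S)" "$(ip6tables -S)"
v6_gaps "$V4_RULES" "$V6_RULES"
```

The check only compares chain defaults; individual allow rules still need to be reviewed separately for each address family.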
No more NAT
IPv6 no longer needs to be translated or aliased on transport, since there are now enough addresses to be assigned to every device in the world. This means that there is no NAT or private address space, and that everything is routable.
NAT still exists in IPv6, but it is generally not a default implementation. Double-check that your routing is not exposing private IPv6 addresses to the internet, or, for now, turn off IPv6 routing completely.
For routing, IP addresses are present in fields of the packet header where they indicate the source and destination of the packet.
IPv6 is the successor to the first addressing infrastructure of the Internet, Internet Protocol version 4 (IPv4). In contrast to IPv4, which defined an IP address as a 32-bit value, IPv6 addresses have a size of 128 bits. Therefore, IPv6 has a vastly enlarged address space compared to IPv4.
One example of an IPv6 address is: 2001:0db8:85a3:0000:0000:8a2e:0370:7334