I have a section on a site that blocks access to all IPs, except those that are whitelisted. For IPv4, this is very simple, as they generally do not change for months or even years, even for dynamic IPs.
With IPv6, however, they seem to change every 24 hours. This means that I can not simply put the initial IPv6 IP on the positive list and call it good because it just changes too fast. So I have to add a whole bunch of whitelists. Even after reading and testing IPv6 in the last few days, I'm still not sure I'm in control.
Here is what I have:
Refuse order, allow allow from 1234: 123: 4567: ab1 :: / 64 rejected by all
The first 4 sections of the IP address never change, but the last 4 sections change constantly. Is this the right way to whitelist a person's IP in this context?