I noticed in my pf logs that a RFC4193 IPv6 address was trying to access
google. My understanding is that the RFC4193 addresses, while routable,
should not be routed over the global Internet. Fortunately, I block/log
all such attempts at my firewall.
Here's one of the log records:
pf: rule 1..16777216/0(match): block out on em0:
fdcf:b715:2f4d:1::150.3664 > 2607:f8b0:4004:808::1012.443: tcp 0
The 2607 address is google's, which was my first clue when I started to
backtrace the source of the traffic.
So my question is --- should ntpd's constraint traffic use the NIC's
IPv4 address when there is no globally routable IPv6 address available?
Is there something else I need to configure to nudge ntpd's constraint
traffic in the correct direction?