1 |
On 06/25/12 23:03, Alex Efros wrote: |
2 |
> |
3 |
> Correct me if I'm wrong, but enabling IPv6 mean needs in supporting two |
4 |
> different routing tables and two different firewalls. Also, I suppose |
5 |
> enabling IPv6 on any server/router with non-trivial IPv4 firewall rules |
6 |
> may (and probably will!) result in creating new security holes until admin |
7 |
> will develop IPv6 firewall rules similar to existing IPv4 firewall rules. |
8 |
> And I suppose just trying to duplicate existing rules as is won't be |
9 |
> enough because of new IPv6-specific features, which is absent in IPv4, |
10 |
> and which should be additionally blocked/enabled too. |
11 |
|
12 |
This is where I'm at -- being in the USA, I'll probably be long dead |
13 |
before our upstream supports ipv6. I don't even know enough about ipv6 |
14 |
to know what I don't know, so the only safe course is to have it disabled. |
15 |
|
16 |
It's easy enough to set USE="-ipv6" manually of course, but the same |
17 |
argument works for USE="ipv6". So, I think the default should be what |
18 |
most people want; i.e. what the fewest people will have to override. Do |
19 |
most hardened machines use ipv6? |