1 |
2011-02-10 21:03:01 Michael Orlitzky |
2 |
> On 02/09/11 22:09, Anthony G. Basile wrote: |
3 |
> > Hi everyone, |
4 |
> > |
5 |
> > Jan Kundrat asked on gentoo-dev why hardened removes ipv6 from its |
6 |
> > profiles. To be honest, I see no good reason. I want to add it back. |
7 |
> > Before I do, does anyone in the community know of any issues with |
8 |
> > hardened + ipv6? I don't know of any and all my servers have it |
9 |
> > enables. So, I'm going to add it back in about 1 week. |
10 |
> |
11 |
> I don't think there are any issues with it. The only argument I know of |
12 |
> is that it increases the attack surface for a feature that 0% + epsilon |
13 |
> of people use. |
14 |
|
15 |
Tests done by a colleague show that, right now, the amount of inbound ipv6 |
16 |
traffic on his systems is none but I can perfectly understand your concerns |
17 |
even if they should apply only to the network stack itself, as the daemons |
18 |
listening to v6 should be the same that listen to v4, once configured for dual |
19 |
stack. |
20 |
|
21 |
Anyway, ipv6 has a chance to become relevant by the end of the year as China |
22 |
and India (among others) won't have quite enough v4 addresses in stock to |
23 |
support the growth of their networks. |