Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-hardened
Navigation:
Lists: gentoo-hardened: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-hardened@g.o
From: Ed W <lists@...>
Subject: Documenting disabling IPV6 off
Date: Sat, 30 Jun 2012 19:51:59 +0100
Hi folks

Can we get some volunteers to write-up some ipv6 notes for the 
gentoo/hardened docs

My quick notes would look as follows:

- What is ipv6, notes that it's basically a completely separate protocol 
and might be unexpectedly enabled. Also discussion on link local vs 
external ip addresses (quite a significant change from ipv4)

- Conditions to use it, eg enabling use flags AND noting that the 
"listen" syntax is often different in the app of your choice, eg listen 
[::} vs  listen *

- Pointers on enabling external access to your machine (note I'm seeing 
new providers turn on ipv6 every week, this is a fairly rapidly changing 
situation now).  ie enabling ipv6 tunnels, dhcpv6, autoconfig, etc

- How to disable ipv6.  Sub notes:

a) iptables6 default drop (iptables -P)
b) iptables6 reject
     # ip6tables -A INPUT -j DROP
     # ip6tables -A OUTPUT -j DROP
     # ip6tables -A FORWARD -j DROP
c) sysctl
d) blacklist kernel module or build kernel without support
e) kernel command line option (useful when not modular kernel)
     "ipv6.disable=1"
f) Build specific apps without support (seems pointless though?)
g) Ensure specific apps only listen on ipv4 using config. Check using 
"netstat -l"


Anyone care to kick that around for a bit, maybe pour some sauce on it?

Ed


Replies:
Re: ssp random bytes solution
-- Ned Ludd
References:
ssp random bytes solution
-- Robert Connolly
Re: ssp random bytes solution
-- Robert Connolly
Re: ssp random bytes solution
-- Ned Ludd
Re: ssp random bytes solution
-- Robert Connolly
Navigation:
Lists: gentoo-hardened: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: ssp random bytes solution
Next by thread:
Re: ssp random bytes solution
Previous by date:
Re: ssp random bytes solution
Next by date:
Re: ssp random bytes solution


Updated Jul 01, 2012

Summary: Archive of the gentoo-hardened mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.