| 1 |
On 06/25/12 23:03, Alex Efros wrote: |
| 2 |
> |
| 3 |
> Correct me if I'm wrong, but enabling IPv6 mean needs in supporting two |
| 4 |
> different routing tables and two different firewalls. Also, I suppose |
| 5 |
> enabling IPv6 on any server/router with non-trivial IPv4 firewall rules |
| 6 |
> may (and probably will!) result in creating new security holes until admin |
| 7 |
> will develop IPv6 firewall rules similar to existing IPv4 firewall rules. |
| 8 |
> And I suppose just trying to duplicate existing rules as is won't be |
| 9 |
> enough because of new IPv6-specific features, which is absent in IPv4, |
| 10 |
> and which should be additionally blocked/enabled too. |
| 11 |
|
| 12 |
This is where I'm at -- being in the USA, I'll probably be long dead |
| 13 |
before our upstream supports ipv6. I don't even know enough about ipv6 |
| 14 |
to know what I don't know, so the only safe course is to have it disabled. |
| 15 |
|
| 16 |
It's easy enough to set USE="-ipv6" manually of course, but the same |
| 17 |
argument works for USE="ipv6". So, I think the default should be what |
| 18 |
most people want; i.e. what the fewest people will have to override. Do |
| 19 |
most hardened machines use ipv6? |
Archives