| 1 |
Hi! |
| 2 |
|
| 3 |
On Mon, Jun 25, 2012 at 08:58:49AM -0500, Matthew Thode wrote: |
| 4 |
> > I'm alerting users so that you can make whatever changes you like to |
| 5 |
> > ipv6 in your /etc/make.conf. In about 24 hours I will turn on by |
| 6 |
> > default ipv6 on all hardened profiles. |
| 7 |
> I use ipv6 on all my servers (not that everyone does). We will have to |
| 8 |
> enable it eventually, sooner is probably better then later I think. |
| 9 |
|
| 10 |
Correct me if I'm wrong, but enabling IPv6 mean needs in supporting two |
| 11 |
different routing tables and two different firewalls. Also, I suppose |
| 12 |
enabling IPv6 on any server/router with non-trivial IPv4 firewall rules |
| 13 |
may (and probably will!) result in creating new security holes until admin |
| 14 |
will develop IPv6 firewall rules similar to existing IPv4 firewall rules. |
| 15 |
And I suppose just trying to duplicate existing rules as is won't be |
| 16 |
enough because of new IPv6-specific features, which is absent in IPv4, |
| 17 |
and which should be additionally blocked/enabled too. |
| 18 |
|
| 19 |
If I'm right (about creating new security holes because of enabling ipv6 |
| 20 |
USE flag) then it may be bad idea to enable it by default until we'll be |
| 21 |
sure admin is ready for this (for example, we may check is IPv6 enabled in |
| 22 |
kernel and is there exists IPv6 firewall rules). |
| 23 |
|
| 24 |
BTW, is there exists (Gentoo?) guides/howtos which explain these issues |
| 25 |
(preferably from "differences from IPv4" point of view) to average admin |
| 26 |
who know how to setup IPv4 and know nothing about IPv6, and provide |
| 27 |
minimum recommended configuration for IPv6 routing/firewall? I think |
| 28 |
enabling IPv6 by default should begins from writing such docs. |
| 29 |
|
| 30 |
-- |
| 31 |
WBR, Alex. |
Archives