| 1 |
2011-02-10 21:03:01 Michael Orlitzky |
| 2 |
> On 02/09/11 22:09, Anthony G. Basile wrote: |
| 3 |
> > Hi everyone, |
| 4 |
> > |
| 5 |
> > Jan Kundrat asked on gentoo-dev why hardened removes ipv6 from its |
| 6 |
> > profiles. To be honest, I see no good reason. I want to add it back. |
| 7 |
> > Before I do, does anyone in the community know of any issues with |
| 8 |
> > hardened + ipv6? I don't know of any and all my servers have it |
| 9 |
> > enables. So, I'm going to add it back in about 1 week. |
| 10 |
> |
| 11 |
> I don't think there are any issues with it. The only argument I know of |
| 12 |
> is that it increases the attack surface for a feature that 0% + epsilon |
| 13 |
> of people use. |
| 14 |
|
| 15 |
Tests done by a colleague show that, right now, the amount of inbound ipv6 |
| 16 |
traffic on his systems is none but I can perfectly understand your concerns |
| 17 |
even if they should apply only to the network stack itself, as the daemons |
| 18 |
listening to v6 should be the same that listen to v4, once configured for dual |
| 19 |
stack. |
| 20 |
|
| 21 |
Anyway, ipv6 has a chance to become relevant by the end of the year as China |
| 22 |
and India (among others) won't have quite enough v4 addresses in stock to |
| 23 |
support the growth of their networks. |
Archives