On 06/25/2012 10:03 PM, Alex Efros wrote:
> Hi!
>
> On Mon, Jun 25, 2012 at 08:58:49AM -0500, Matthew Thode wrote:
>>> I'm alerting users so that you can make whatever changes you like to
>>> ipv6 in your /etc/make.conf. In about 24 hours I will turn on by
>>> default ipv6 on all hardened profiles.
>> I use ipv6 on all my servers (not that everyone does). We will have to
>> enable it eventually, sooner is probably better than later I think.
>
> Correct me if I'm wrong, but enabling IPv6 means needing to support two
> different routing tables and two different firewalls. Also, I suppose
> enabling IPv6 on any server/router with non-trivial IPv4 firewall rules
> may (and probably will!) result in creating new security holes until the
> admin develops IPv6 firewall rules similar to the existing IPv4 firewall rules.
> And I suppose just trying to duplicate existing rules as is won't be
> enough because of new IPv6-specific features, which are absent in IPv4,
> and which should be additionally blocked/enabled too.
>
> If I'm right (about creating new security holes because of enabling the ipv6
> USE flag) then it may be a bad idea to enable it by default until we are
> sure the admin is ready for this (for example, we may check whether IPv6 is
> enabled in the kernel and whether IPv6 firewall rules exist).
>
> BTW, are there any (Gentoo?) guides/howtos which explain these issues
> (preferably from a "differences from IPv4" point of view) to the average admin
> who knows how to set up IPv4 and knows nothing about IPv6, and provide a
> minimum recommended configuration for IPv6 routing/firewall? I think
> enabling IPv6 by default should begin with writing such docs.
>
You do run into these issues, I think we need to do a news thing for the
hardened profiles if we go ahead and enable it.

--
-- Matthew Thode (prometheanfire)
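
The check suggested in the quoted message (do IPv6 firewall rules exist alongside the IPv4 ones), as an added example that is not part of the thread: it compares iptables-save and ip6tables-save style dumps and flags any filter chain where IPv6 is more permissive than IPv4. The sample rulesets are constructed and the function names are hypothetical; it only detects the gap and does not account for IPv6-specific rules.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# On a live host, pass "$(iptables-save)" and "$(ip6tables-save)" instead
# of the constructed samples below.

# Constructed sample: IPv4 ruleset, default-drop INPUT with two allow rules.
SAMPLE_V4='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: IPv6 ruleset nobody has touched (all ACCEPT, no rules).
SAMPLE_V6='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# summarize CHAIN < dump: print "<policy> <rule count>" for a filter-table chain.
summarize() {
    awk -v chain="$1" '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && $1 == (":" chain) { policy = $2 }
        in_filter && $1 == "-A" && $2 == chain { n++ }
        END { if (policy == "") policy = "NONE"; print policy, n + 0 }'
}

# compare_chain CHAIN V4_DUMP V6_DUMP: print a finding; return 1 if IPv6 is weaker.
compare_chain() {
    v4=$(printf '%s\n' "$2" | summarize "$1")
    v6=$(printf '%s\n' "$3" | summarize "$1")
    if [ "${v4% *}" != ACCEPT ] && [ "${v6% *}" = ACCEPT ]; then
        echo "GAP $1: IPv4 policy ${v4% *}, IPv6 policy ACCEPT"; return 1
    fi
    if [ "${v4#* }" -gt 0 ] && [ "${v6#* }" -eq 0 ]; then
        echo "GAP $1: ${v4#* } IPv4 rules, no IPv6 rules"; return 1
    fi
    echo "OK $1"
}

# Demo on the constructed samples; a GAP line means IPv6 is the weaker side.
for chain in INPUT FORWARD OUTPUT; do
    compare_chain "$chain" "$SAMPLE_V4" "$SAMPLE_V6" || true
done
```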