On Thu, Jan 19, 2012 at 6:16 PM, Paul Hartman
<paul.hartman+gentoo@×××××.com> wrote:
> On Thu, Jan 19, 2012 at 4:32 PM, Mick <michaelkintzios@×××××.com> wrote:
>> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
>>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl <tanstaafl@×××××××××××.org> wrote:
>>> > I have a reasonable grasp of how to use IP addresses etc with IPv4, but
>>> > every time I start reading about IPv6 I get a headache...
>>> >
>>> > Does anyone know of a decent tutorial written specifically to those who
>>> > have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
>>> > get bogged down in too many technical details, but simply explains what
>>> > you need to know to be able to transition to it and use it effectively
>>> > *and securely* - and/or how *not* to have to expose your entire private
>>> > network to the world (what IPv4 NAT protects you from)?
>>>
>>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
>>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
>>> sure I'm also not the most knowledgeable on this list wrt IPv6,
>>> either. Still, what would you like to know? (I can use your questions
>>> as fodder and experience for future presentations. ^^)
>>
>>
>> Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
>> the IPv4 iptable rules also for IPv6?
>
> short answer: yes :) ip6tables works exactly like iptables, but with
> IPv6 addresses.
>
> longer answer: probably, but it depends on what kind of rules you have
> and whether all services you offer (or consume, if you block outbound
> traffic) require both IPv4 and IPv6.
>
> On my server, my rules are simple and just consist of opening certain
> ports and dropping everything else. The rules are exactly the same for
> IPv4 and IPv6 in that case.

You do need to be a little more careful with ICMP, though. If you
block all of ICMP, you break neighbor discovery and a few other
(potentially less important on a server) things.


--
:wq
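
The ICMP caveat above, as an added example that is not part of the original thread: a shell function that prints an ip6tables-restore ruleset for the "open certain ports, drop everything else" setup while still accepting the ICMPv6 types that neighbor discovery and path MTU discovery rely on. The function name, the port list and the selection of ICMPv6 types (taken from RFC 4443 and RFC 4861) are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit an ip6tables-restore ruleset for a simple server
# that opens a few TCP ports and drops the rest, without breaking ICMPv6.
# The ports are whatever you pass as arguments (an assumption here).

# ICMPv6 error messages (RFC 4443): 1 destination unreachable,
# 2 packet too big (needed for path MTU discovery, since IPv6 routers
# do not fragment), 3 time exceeded, 4 parameter problem.
ICMP6_ERRORS="1 2 3 4"
# Neighbor discovery (RFC 4861): 133 router solicitation,
# 134 router advertisement, 135 neighbor solicitation,
# 136 neighbor advertisement.
ICMP6_ND="133 134 135 136"

gen_ip6_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for t in $ICMP6_ERRORS; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    # ND is link-local only: a hop limit of 255 shows the packet was
    # never forwarded by a router, so off-link senders are rejected.
    for t in $ICMP6_ND; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # Same port list you would open in the IPv4 ruleset.
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# When run with arguments, print the ruleset, e.g.
#   sh ip6rules.sh 22 80 443 | ip6tables-restore --test
if [ "$#" -gt 0 ]; then
    gen_ip6_rules "$@"
fi
```

Because the INPUT policy is DROP, any ICMPv6 type not listed is still discarded; only the types the comments name are let through.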