| 1 |
On Thu, Jan 19, 2012 at 6:16 PM, Paul Hartman |
| 2 |
<paul.hartman+gentoo@×××××.com> wrote: |
| 3 |
> On Thu, Jan 19, 2012 at 4:32 PM, Mick <michaelkintzios@×××××.com> wrote: |
| 4 |
>> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote: |
| 5 |
>>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl <tanstaafl@×××××××××××.org> wrote: |
| 6 |
>>> > I have a reasonable grasp of how to use IP addresses etc with IPv4, but |
| 7 |
>>> > every time I start rading about IPv6 I get a headache... |
| 8 |
>>> > |
| 9 |
>>> > Does anyone know of a decent tutorial written specifically to those who |
| 10 |
>>> > have an ok (but not hugely in-depth) understanding of IPv4, and doesn't |
| 11 |
>>> > get bogged down in too many technical details, but simply explains what |
| 12 |
>>> > you need to know to be able to transition to it and use it effectively |
| 13 |
>>> > *and securely* - and/or how *not* to have to expose your entire private |
| 14 |
>>> > network to the world (what IPv4 NAT protects you from)? |
| 15 |
>>> |
| 16 |
>>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm |
| 17 |
>>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty |
| 18 |
>>> sure I'm also not the most knowledgeable on this list wrt IPv6, |
| 19 |
>>> either. Still, what would you like to know? (I can use your questions |
| 20 |
>>> as fodder and experience for future presentations. ^^) |
| 21 |
>> |
| 22 |
>> |
| 23 |
>> Now that IPv6 is enabled by default on Linux, is one meant to duplicate all |
| 24 |
>> the IPv4 iptable rules also for IPv6? |
| 25 |
> |
| 26 |
> short answer: yes :) ip6tables works exactly like iptables, but with |
| 27 |
> IPv6 addresses. |
| 28 |
> |
| 29 |
> longer answer: probably, but it depends on what kind of rules you have |
| 30 |
> and whether all services you offer (or consume, if you block outbound |
| 31 |
> traffic) require both IPv4 and IPv6. |
| 32 |
> |
| 33 |
> On my server, my rules are simple and just consist of opening certain |
| 34 |
> ports and dropping everything else. The rules are exactly the same for |
| 35 |
> IPv4 and IPv6 in that case. |
| 36 |
|
| 37 |
You do need to be a little more careful with ICMP, though. If you |
| 38 |
block all of ICMP, you break neighbor discovery and a few other |
| 39 |
(potentially less important on a server) things. |
| 40 |
|
| 41 |
|
| 42 |
-- |
| 43 |
:wq |
Archives