NetBSD-Users archive


Re: IPV6 issues



Thor Lancelot Simon <tls%panix.com@localhost> writes:

> On Wed, Apr 16, 2014 at 06:29:02PM -0400, Greg Troxel wrote:
>> 
>> So I would ask: why do you think you need to disable it?  By default,
>> the system will have no v6 addresses configured and should not incur
>> delays due to this.  Are you having a problem?
>
> The system will have link-local addresses configured and anything that
> listens on ANY will take packets from them.  Without a firewall configuration
> that blocks all IPv6 traffic on the Internet side, this can be very
> dangerous, effectively exposing services that were not exposed over IPv4.

A fair point.  I run real v6, so I have a corresponding v6 ruleset, but
I hadn't really contemplated link-local.  I wonder, given that, if our
firewall rules should be configured so that one can write rules that
match tcp/tcp6 in one rule, kind of like the tcp/udp block rules for the
same port in different protocols within an AF.

Attachment: pgpPEjv3BtH6D.pgp
Description: PGP signature
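
An added example, not part of the original message: a small audit of the exposure discussed above, listing sockets bound to the IPv6 wildcard (and so reachable on every interface's link-local address) and marking those the IPv4 side does not expose. The netstat text is a constructed sample in the style of BSD `netstat -an`, and `v4_blocked` is a hypothetical input standing in for whatever the IPv4 ruleset filters.

```python
import re

# Constructed sample in the style of BSD `netstat -an`; not captured from a real host.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  127.0.0.1.25           *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  192.0.2.10.22          198.51.100.7.51234     ESTABLISHED
Active Internet6 connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp6       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.5432                 *.*                    LISTEN
tcp6       0      0  ::1.25                 *.*                    LISTEN
udp6       0      0  *.123                  *.*
udp6       0      0  fe80::1%lo0.123        *.*
"""

# proto, optional "6", two queue counters, local, foreign, optional state
LINE = re.compile(r"^(tcp|udp)(6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_listeners(text):
    """Return (proto, family, address, port) for listening or unconnected sockets."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and anything that is not a socket line
        proto, six, local, foreign, state = m.groups()
        if foreign != "*.*" or (proto == "tcp" and state != "LISTEN"):
            continue  # connected socket, not a listener
        addr, _, port = local.rpartition(".")  # BSD style: the port follows the last dot
        out.append((proto, "inet6" if six else "inet", addr, port))
    return out

def v6_wildcard_exposure(listeners, v4_blocked):
    """(proto, port, only_via_v6) for every listener bound to the IPv6 wildcard."""
    v4_open = {(p, port) for p, fam, a, port in listeners if fam == "inet" and a == "*"}
    report = []
    for proto, fam, addr, port in listeners:
        if fam == "inet6" and addr == "*":
            # True when IPv4 has no wildcard listener on the port or the ruleset filters it
            only_via_v6 = (proto, port) not in v4_open or (proto, port) in v4_blocked
            report.append((proto, port, only_via_v6))
    return sorted(report)
```

Every entry flagged True is a service that an IPv4-only ruleset leaves reachable over IPv6, which is where a matching IPv6 rule is needed.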


