Re: Bindv6only once again
Na grupie linux.debian.devel napisałe(a)ś:
> 3) There are potential security bugs if an application black- or
> white-lists IPv4 addresses and someone uses an v6-mapped IPv4 address to
> connect. (Handwavy and, as far as I've seen, purely hypothetical.
I don't want to blow the discussion once again, but the security issue
is not only hypothetical. When I started using IPv6 I was deeply
disappointed when one daemon started ignoring my acls because of that.
Of course the daemon is fixed now, but the accident proves the risk is
real.
> Also
> ties the hands of the system administrator, who may want to treat
> v6-mapped addresses differently than the corresponding native IPv4
> address.)
I have no idea why one might want to do that.
Jarek.
Reply to: