[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewalling for IPv6

Wesley J. Landaker wrote:
> Hi folks,
> I have a few questions regarding the current state of firewalling for IPv6 
> in Debian.
> Searching through packages and the web, the best I could find is the 
> existance of ip6tables, and a bunch of articles talking about how Linux 
> *would* support (implying that it doesn't now(?)) IPv6 firewalling in the 
> future (one site I saw mentioned it would be in 2.6.11--I'm running 

The 2.4 and 2.6 series are working fine with IPv6 and firewalling for me.

> So, I guess what I'm wondering is:
> 1) Is there a FAQ about Linux and/or Debian + IPv6 firewalling? I'm more 
> than happy to R the FM if I can locate T right one. =)

You could start with the [1]Linux IPv6 Howto.

> 2) Are there any packages currently in Debian that support making IPv6 
> firewalls? (For IPv4, I am currently using firehol; I have used shorewall 
> in the past (I've heard of, but no little about 6wall); I'm not an iptables 
> expert, but I roughly know how to make it work).

[2]Fwbuilder may support ipv6 now, but I'm not sure. But then again,
when you know iptables you can learn ip6tables pretty quickly by
understanding how ipv6 works.

> 3) Assuming the answer is to use xyz/6wall/ip6tables, are there any critical 
> limitations I should be aware of? i.e. Are there known 
> features/bugs/workarounds missing/added/required?

Yes, ask yourself if ipv6 is ready for mainstream. More and more
applications like Apache, Postfix, OpenSSH, Courier, PostgreSQL,
OpenLDAP, INN2, Bind and NSD are adopting the new technology, but they
also show directly that we have a new long road before of us that we
need to explore. Don't expect that everything works the same with ipv6
as with ipv4. They only part that wonders me is that spammers haven't
discovered that many mailservers already can be reached over ipv6 ;-)


[1] http://tldp.org/HOWTO/Linux+IPv6-HOWTO/index.html
[2] http://packages.debian.org/testing/net/fwbuilder

Reply to: