Re: IPv6 "out of the box" support (netbase requirement?)
On Wed, 9 Jul 2003, Noah Meyerhans wrote:
> On Wed, Jul 09, 2003 at 05:54:58PM -0500, Drew Scott Daniels wrote:
> > > Fair enough, starting from the next release netbase will always add the
> > > IPv6 localhost addresses.
> >
> > I suspect if this is done there may be many complaints, grumbles and
> > maybe some screams, so perhaps an announcement/warning first?
>
> What would the complaints be? It's not like these hosts entries are
> intrusive in any way.
Here is one: I have a carefully crafted firewalling script based on
iptables, and I believe I am relatively safe with respect to insecure
services; then you automagically add IPv6 support on my box and suddenly
my box is open to the world (iptables only filters IPv4). I think that you
are right in wanting IPv6 to be more or less automatically set up, to help
create a vast user base for it, but I second that a clear, loud warning
about it is a must. Then, at least for the problem I outlined, one is
advised to create also an iptables6 script to plug the IPv6 "hole". I wish
netfilter6 had connection tracking support...
Bye
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
Reply to: