Re: IPv6 and DNS
On Wednesday 13 July 2011 at 20:48 +1000, Andrew McGlashan wrote:
> Hi,
[...]
> Many using 3G USB modems are opening themselves up to abuse if (by
> default) having their machines directly connected to the Internet. Any
> machine that is directly accessible via the Internet _must_ have
> suitable security, i.e. a restrictive firewall at least. I can just
> imagine all the Windows laptops (well, not just Windows, but hey),
> becoming owned just because they are using a 3G USB modem directly on
> their machine without a firewall -- this will be amplified for those on
> ANY network that has open slather via IPv6 addressing.
NAT-like "security" may be enabled with 2 rules on the router/firewall
ISPs send to their customers.
ip6tables -A INPUT -i wan -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -i wan -j DROP
Actually you need to accept some icmpv6 packets, then we need another
rule ;)
If ISPs sent their modem/box/router/whatever properly configured
(default configuration disallowing incoming connections), there are no
more security issues than with the IPv4/NAT setup.
--
Bastien Durel
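
The "another rule" for ICMPv6 mentioned in the message above, sketched as an added example that is not part of the original post: the script prints an INPUT rule set that keeps the two posted rules and places ICMPv6 exceptions before the final DROP. The interface name "wan" is from the post; the choice of ICMPv6 types (a subset of those RFC 4890 lists as not to be dropped) and the hop-limit check on neighbour discovery are assumptions.

```shell
#!/bin/sh
# Added example. Prints the rules instead of applying them, so the set can
# be reviewed first; pipe the output to sh as root to load it.

emit_rules() {
    ifc="$1"

    # Rule from the post: replies to traffic initiated from the inside.
    echo "ip6tables -A INPUT -i $ifc -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # ICMPv6 error messages: 1 destination unreachable, 2 packet too big
    # (needed for path MTU discovery), 3 time exceeded, 4 parameter problem.
    for t in 1 2 3 4; do
        echo "ip6tables -A INPUT -i $ifc -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done

    # Neighbour discovery: 133 router solicitation, 134 router advertisement,
    # 135 neighbour solicitation, 136 neighbour advertisement. These are not
    # covered by connection tracking. Hop limit 255 means the packet was
    # sent on-link and has not crossed a router.
    for t in 133 134 135 136; do
        echo "ip6tables -A INPUT -i $ifc -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done

    # Rule from the post: everything else arriving on the interface is dropped.
    echo "ip6tables -A INPUT -i $ifc -j DROP"
}

# Interface defaults to "wan", the name used in the post.
emit_rules "${1:-wan}"
```

Without the neighbour discovery rules, the DROP rule also discards router advertisements and neighbour solicitations, and the interface loses IPv6 connectivity once its neighbour cache entries expire.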