Linux Archive


Ed W 06-28-2012 11:19 AM

ipv6 on by default for hardened profile - ACK
 
On 25/06/2012 12:08, Anthony G. Basile wrote:

Hi everyone,

We visited this issue during the first ipv6 global day and I asked the
masses: do you want ipv6 on by default or not. There was lots of back
and forth and since it was only a question of default, I left the
status quo, which is off by default.


But now the ipv6 pressures mount! Diego has made a good argument that
deploying hardened in an ipv6 only environment is a real pita. You
can't get the goodies you need to bootstrap into an ipv6 only
environment. With the growth in ipv6, I think it is time.


I'm alerting users so that you can make whatever changes you like to
ipv6 in your /etc/make.conf. In about 24 hours I will turn on by
default ipv6 on all hardened profiles.


ACK


There are plenty of reasons to argue for/against, but the big day when
large numbers of servers finally need to be IPV6 aware is coming. Let's
start getting our house in order.


Probably some notes on disabling ipv6 on a given machine would be
helpful, e.g.:

- iptables6 default drop
- iptables6 reject
- sysctl
- blacklist kernel module or build kernel without support
- kernel command line option (useful when not modular kernel)

Whilst we have the luxury of ipv6 being relatively unprobed and attacks
being relatively unusual and light, let's start getting the groundwork
developed for a default secure gentoo ipv6 system.


Let's switch ipv6 on by default

Cheers

Ed W
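
A read-only audit of the mechanisms listed in the post above, added here as an example and not part of the original thread. `ipv6.disable=1`, the `disable_ipv6` sysctl and `ip6tables-save` are the real kernel and tool names; the function names and the `--live` switch are made up for this sketch.

```shell
#!/bin/sh
# Read-only checks for the IPv6-disabling mechanisms listed in the post above.
# Every check takes its input as an argument or on stdin, so it works on live
# paths as well as on copies saved from another machine.

# Kernel command line: ipv6.disable=1 turns the IPv6 stack off at boot.
cmdline_disables_ipv6() {          # $1 = contents of /proc/cmdline
    case " $1 " in *" ipv6.disable=1 "*) return 0 ;; esac
    return 1
}

# sysctl: check "all" (existing interfaces) and "default" (created later).
sysctl_disables_ipv6() {           # $1 = dir laid out like /proc/sys/net/ipv6/conf
    for scope in all default; do
        [ "$(cat "$1/$scope/disable_ipv6" 2>/dev/null)" = "1" ] || return 1
    done
}

# modprobe.d: "blacklist ipv6" or an install override to /bin/true|false.
# Commented-out lines do not count.
module_blocked() {                 # $1 = dir laid out like /etc/modprobe.d
    grep -Eqs '^[[:space:]]*(blacklist[[:space:]]+ipv6|install[[:space:]]+ipv6[[:space:]]+/bin/(true|false))[[:space:]]*$' \
        "$1"/*.conf
}

# ip6tables: print built-in filter chains whose default policy is not DROP.
chains_not_drop() {                # stdin = ip6tables-save output
    awk '/^\*/ { table = $1 }
         table == "*filter" && /^:(INPUT|FORWARD|OUTPUT) / && $2 != "DROP" {
             print substr($1, 2) }'
}

audit_host() {                     # report on the machine this runs on
    cmdline_disables_ipv6 "$(cat /proc/cmdline)" && echo "cmdline: ipv6.disable=1"
    sysctl_disables_ipv6 /proc/sys/net/ipv6/conf && echo "sysctl: disable_ipv6=1"
    module_blocked /etc/modprobe.d && echo "modprobe.d: ipv6 module blocked"
    rules=$(ip6tables-save 2>/dev/null)
    if [ -z "$rules" ]; then
        echo "ip6tables: ruleset not readable (need root?)"
    else
        echo "ip6tables: chains not default-DROP: $(echo "$rules" | chains_not_drop | tr '\n' ' ')"
    fi
}

if [ "${1:-}" = "--live" ]; then audit_host; fi
```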

"Anthony G. Basile" 06-28-2012 01:27 PM

ipv6 on by default for hardened profile - ACK
 
On 06/28/2012 07:19 AM, Ed W wrote:


Let's switch ipv6 on by default

Cheers

Ed W


Thanks for your understanding, Ed.

ipv6 is now on by default on all hardened profiles.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535

