FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

 
 
LinkBack Thread Tools
 
Old 06-28-2012, 11:19 AM
Ed W
 
Default ipv6 on by default for hardened profile - ACK

On 25/06/2012 12:08, Anthony G. Basile wrote:

Hi everyone,

We visited this issue during the first ipv6 global day and I asked the
masses: do you want ipv6 on by default or not. There was lots of back
and forth and since it was only a question of default, I left the
status quo, which is off by default.


But now the ipv6 pressures mount! Diego has made a good argument that
deploying hardened in an ipv6 only environment is a real pita. You
can't get the goodies you need to bootstrap into an ipv6 only
environment. With the growth in ipv6, I think it is time.


I'm alerting users so that you can make whatever changes you like to
ipv6 in your /etc/make.conf. In about 24 hours I will turn on by
default ipv6 on all hardened profiles.


ACK


There are plenty of reasons to argue for/against, but the big day when
large numbers of servers finally need to be IPV6 aware is coming. Lets
start getting our house in order.


Probably some notes on disabling ipv6 on a given machine would be
helpful, eg:

- iptables6 default drop
- iptables6 reject
- sysctl
- blacklist kernel module or build kernel without support
- kernel command line option (useful when not modular kernel)

Whilst we have the luxury of ipv6 being relatively unprobed and attacks
being relatively unusual and light, lets start getting the groundwork
developed for a default secure gentoo ipv6 system.


Lets switch ipv6 on by default

Cheers

Ed W
 
Old 06-28-2012, 01:27 PM
"Anthony G. Basile"
 
Default ipv6 on by default for hardened profile - ACK

On 06/28/2012 07:19 AM, Ed W wrote:


Lets switch ipv6 on by default

Cheers

Ed W


Thanks for your understanding Ed.

ivp6 is now on by default on all hardened profiles.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
 

Thread Tools




All times are GMT. The time now is 06:23 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org