Ed W 06-30-2012 06:51 PM

Documenting disabling IPV6 off
Hi folks

Can we get some volunteers to write up some ipv6 notes for the
gentoo/hardened docs?

My quick notes would look as follows:

- What is ipv6, notes that it's basically a completely separate protocol
and might be unexpectedly enabled. Also discussion on link local vs
external ip addresses (quite a significant change from ipv4)

- Conditions to use it, e.g. enabling use flags AND noting that the
"listen" syntax is often different in the app of your choice, e.g. listen
[::] vs listen *

- Pointers on enabling external access to your machine (note I'm seeing
new providers turn on ipv6 every week, this is a fairly rapidly changing
situation now). ie enabling ipv6 tunnels, dhcpv6, autoconfig, etc

- How to disable ipv6. Sub notes:

a) iptables6 default drop (iptables -P)
b) iptables6 reject
# ip6tables -A INPUT -j DROP
# ip6tables -A OUTPUT -j DROP
# ip6tables -A FORWARD -j DROP
c) sysctl
d) blacklist kernel module or build kernel without support
e) kernel command line option (useful when not modular kernel)
f) Build specific apps without support (seems pointless though?)
g) Ensure specific apps only listen on ipv4 using config. Check using
"netstat -l"

Anyone care to kick that around for a bit, maybe pour some sauce on it?
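
A check for sub note g), as an added example that is not part of the original post: it filters `netstat -ltn` output for TCP listeners bound to IPv6 addresses and labels each as wildcard, loopback, link-local or other. The function names and the sample output are constructed for illustration, and the column layout assumed is that of Linux net-tools `netstat`.

```shell
#!/bin/sh
# Added example: list TCP listeners bound to IPv6 addresses.
# Real use (not run here):  netstat -ltn | ipv6_listeners

# Constructed sample in the layout printed by net-tools "netstat -ltn".
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 fe80::a00:27ff:fe4e:53  :::*                    LISTEN
EOF
}

# Reads netstat output on stdin, prints "port address class" per IPv6 listener.
ipv6_listeners() {
    awk '
    $NF == "LISTEN" && $1 ~ /^tcp/ {
        port = $4
        sub(/.*:/, "", port)                 # text after the last colon
        addr = tolower(substr($4, 1, length($4) - length(port) - 1))
        if (index(addr, ":") == 0) next      # no colon left: IPv4 listener
        if (addr == "::")
            # A "::" socket also accepts IPv4 unless IPV6_V6ONLY is set
            # (see sysctl net.ipv6.bindv6only), so "listen *" style
            # configs can show up here.
            class = "wildcard"
        else if (addr == "::1")
            class = "loopback"
        else if (addr ~ /^fe[89ab][0-9a-f]:/)  # fe80::/10
            class = "link-local"
        else
            class = "other"
        print port, addr, class
    }'
}

# Stand-alone demo on the constructed sample.
sample_netstat | ipv6_listeners
```

An empty result means no TCP service is listening on an IPv6 address; UDP sockets have no LISTEN state and need a separate look at `netstat -lun`.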


Sven Vermeulen 06-30-2012 07:22 PM

On Sat, Jun 30, 2012 at 07:51:59PM +0100, Ed W wrote:
> Can we get some volunteers to write-up some ipv6 notes for the
> gentoo/hardened docs

Lots of that (all?) is not hardened-specific. It might be best to have it
generally documented in either the ipv6.xml document or on

Sven Vermeulen

