Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Gentoo Hardened (http://www.linux-archive.org/gentoo-hardened/)
-   -   Documenting disabling IPV6 off (http://www.linux-archive.org/gentoo-hardened/678825-documenting-disabling-ipv6-off.html)

Ed W 06-30-2012 06:51 PM

Documenting disabling IPV6 off
 
Hi folks

Can we get some volunteers to write-up some ipv6 notes for the
gentoo/hardened docs


My quick notes would look as follows:

- What is ipv6, notes that it's basically a completely separate protocol
and might be unexpectedly enabled. Also discussion on link local vs
external ip addresses (quite a significant change from ipv4)


- Conditions to use it, eg enabling use flags AND noting that the
"listen" syntax is often different in the app of your choice, eg listen
[::} vs listen *


- Pointers on enabling external access to your machine (note I'm seeing
new providers turn on ipv6 every week, this is a fairly rapidly changing
situation now). ie enabling ipv6 tunnels, dhcpv6, autoconfig, etc


- How to disable ipv6. Sub notes:

a) iptables6 default drop (iptables -P)
b) iptables6 reject
# ip6tables -A INPUT -j DROP
# ip6tables -A OUTPUT -j DROP
# ip6tables -A FORWARD -j DROP
c) sysctl
d) blacklist kernel module or build kernel without support
e) kernel command line option (useful when not modular kernel)
"ipv6.disable=1"
f) Build specific apps without support (seems pointless though?)
g) Ensure specific apps only listen on ipv4 using config. Check using
"netstat -l"



Anyone care to kick that around for a bit, maybe pour some sauce on it?

Ed

Sven Vermeulen 06-30-2012 07:22 PM

Documenting disabling IPV6 off
 
On Sat, Jun 30, 2012 at 07:51:59PM +0100, Ed W wrote:
> Can we get some volunteers to write-up some ipv6 notes for the
> gentoo/hardened docs
[...]

Lots of that (all?) is not hardened-specific. It might be best to have it
generally documented in either the ipv6.xml document or on
https://wiki.gentoo.org.

Wkr,
Sven Vermeulen


All times are GMT. The time now is 07:50 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.