Documenting disabling IPV6 off
Hi folks
Can we get some volunteers to write up some ipv6 notes for the gentoo/hardened docs?

My quick notes would look as follows:

- What is ipv6, notes that it's basically a completely separate protocol and might be unexpectedly enabled. Also discussion on link local vs external ip addresses (quite a significant change from ipv4)
- Conditions to use it, eg enabling use flags AND noting that the "listen" syntax is often different in the app of your choice, eg listen [::] vs listen *
- Pointers on enabling external access to your machine (note I'm seeing new providers turn on ipv6 every week, this is a fairly rapidly changing situation now). ie enabling ipv6 tunnels, dhcpv6, autoconfig, etc
- How to disable ipv6. Sub notes:
  a) iptables6 default drop (iptables -P)
  b) iptables6 reject
     # ip6tables -A INPUT -j DROP
     # ip6tables -A OUTPUT -j DROP
     # ip6tables -A FORWARD -j DROP
  c) sysctl
  d) blacklist kernel module or build kernel without support
  e) kernel command line option (useful when not modular kernel) "ipv6.disable=1"
  f) Build specific apps without support (seems pointless though?)
  g) Ensure specific apps only listen on ipv4 using config. Check using "netstat -l"

Anyone care to kick that around for a bit, maybe pour some sauce on it?

Ed
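For the check in sub note g), an added example that is not part of the original post: a small shell parser that lists IPv6 TCP listeners from input in the Linux /proc/net/tcp6 layout and classifies the bind address. The function names and the sample table are constructed for illustration, and the address patterns assume a little-endian host.

```shell
#!/bin/sh
# Added example (not from the thread): audit IPv6 TCP listeners.

# Constructed sample in /proc/net/tcp6 layout, not captured from a real host.
sample_tcp6() {
cat <<'EOF'
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A
   2: 000080FE00000000FF3C1D02A1B2C3FE:01BB 00000000000000000000000000000000:0000 0A
   3: 00000000000000000000000001000000:C350 00000000000000000000000001000000:0277 01
EOF
}

# Reads a tcp6 table on stdin and prints "<port> <scope>" for every socket
# in state 0A (LISTEN). Addresses are hex dumps of four host-order words.
ipv6_listeners() {
    while read -r _sl laddr _raddr state _rest; do
        [ "$state" = "0A" ] || continue        # skips header and non-listeners
        addr=${laddr%:*}
        port=$((0x${laddr##*:}))               # hex port to decimal
        case $addr in
            00000000000000000000000000000000) scope=wildcard ;;    # ::
            00000000000000000000000001000000) scope=loopback ;;    # ::1
            0000[89AB][0-9A-F]FE*)            scope=link-local ;;  # fe80::/10
            *)                                scope=other ;;
        esac
        echo "$port $scope"
    done
}

# Listeners reachable from other hosts: everything not bound to ::1.
ipv6_exposed() {
    ipv6_listeners | grep -v ' loopback$' || true
}

# Demonstration on the constructed sample.
sample_tcp6 | ipv6_exposed
```

On a live host the same functions can be fed the kernel's table, for example `ipv6_exposed < /proc/net/tcp6`; any line it prints is a service still bound to an IPv6 address.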
On Sat, Jun 30, 2012 at 07:51:59PM +0100, Ed W wrote:
> Can we get some volunteers to write-up some ipv6 notes for the
> gentoo/hardened docs
[...]

Lots of that (all?) is not hardened-specific. It might be best to have it generally documented in either the ipv6.xml document or on https://wiki.gentoo.org.

Wkr,
Sven Vermeulen