Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


06-30-2012, 06:51 PM
Ed W

Documenting disabling IPV6 off

Hi folks

Can we get some volunteers to write up some ipv6 notes for the
gentoo/hardened docs?


My quick notes would look as follows:

- What is ipv6, notes that it's basically a completely separate protocol
and might be unexpectedly enabled. Also discussion on link local vs
external ip addresses (quite a significant change from ipv4)


- Conditions to use it, eg enabling use flags AND noting that the
"listen" syntax is often different in the app of your choice, eg listen
[::] vs listen *


- Pointers on enabling external access to your machine (note I'm seeing
new providers turn on ipv6 every week, this is a fairly rapidly changing
situation now). ie enabling ipv6 tunnels, dhcpv6, autoconfig, etc


- How to disable ipv6. Sub notes:

a) iptables6 default drop (iptables -P)
b) iptables6 reject
# ip6tables -A INPUT -j DROP
# ip6tables -A OUTPUT -j DROP
# ip6tables -A FORWARD -j DROP
c) sysctl
d) blacklist kernel module or build kernel without support
e) kernel command line option (useful when not modular kernel)
"ipv6.disable=1"
f) Build specific apps without support (seems pointless though?)
g) Ensure specific apps only listen on ipv4 using config. Check using
"netstat -l"



Anyone care to kick that around for a bit, maybe pour some sauce on it?

Ed
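
One way to carry out the check in item g) above, as an added example that is not part of the original post: a shell function that filters `netstat -ltun` style output for sockets listening on IPv6 and labels each address as wildcard, loopback, link-local or specific. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): filter `netstat -ltun` style
# output for sockets listening on IPv6. Function names are hypothetical.

# stdin: netstat -ltun text. stdout: "proto address port scope" per IPv6
# listener, where scope is wildcard (::), loopback (::1), link-local
# (fe80::/10) or specific (any other address).
ipv6_listeners() {
    awk '
        $1 == "tcp6" || $1 == "udp6" {
            # Local Address is column 4; the port follows the last colon.
            if (!match($4, /:[0-9]+$/)) next
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            scope = "specific"
            if (addr == "::")
                scope = "wildcard"
            else if (addr == "::1")
                scope = "loopback"
            else if (tolower(addr) ~ /^fe[89ab][0-9a-f]:/)
                scope = "link-local"
            print $1, addr, port, scope
        }'
}

# Constructed sample input, so the example runs without netstat installed.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp6       0      0 fe80::a00:27ff:fe4e:66a1:123 :::*
EOF
}

# Live use: netstat -ltun | ipv6_listeners
sample_netstat | ipv6_listeners
```

On Linux a `tcp6` wildcard socket also accepts IPv4 connections unless the application sets IPV6_V6ONLY or `net.ipv6.bindv6only=1` is set, so a `:::22` line alone does not mean the service is IPv6-only.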
 
06-30-2012, 07:22 PM
Sven Vermeulen

Documenting disabling IPV6 off

On Sat, Jun 30, 2012 at 07:51:59PM +0100, Ed W wrote:
> Can we get some volunteers to write up some ipv6 notes for the
> gentoo/hardened docs
[...]

Lots of that (all?) is not hardened-specific. It might be best to have it
generally documented in either the ipv6.xml document or on
https://wiki.gentoo.org.

Wkr,
Sven Vermeulen
 

All times are GMT.