netdev
[Top] [All Lists]

Re: Kernel 2.6 IPV6 Busted

To: netdev@xxxxxxxxxxx
Subject: Re: Kernel 2.6 IPV6 Busted
From: Quantum Scientific <Info@xxxxxxxxxxxxxxx>
Date: Tue, 1 Mar 2005 17:59:53 -0600
Helo: PowerMAC
In-reply-to: <4224E3A1.5090003@xxxxxxxx>
References: <200502270928.44402.Info@xxxxxxxxxxxxxxx> <200502271220.06560.Info@xxxxxxxxxxxxxxx> <4224E3A1.5090003@xxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: KMail/1.7.1
On Tuesday 01 March 2005 15:50, Andre Tomt wrote:
> > Remember what my issue is:  
> > - I have a very tight firewall,
> > - I ping6 out,
> > - The firewall blocks the reply back, because the connection is stateless!
> Never, ever, filter ICMP. Or at least be extremely careful doing so. You 
> may end up breaking things like PMTU and error notification mechanisms.

Care to propose some rules?  Maybe not.

 
> Also on a per-system basis I tend to prefer to secure services rather 
> than firewall them; by for example just shutting them off/uninstalling 
> them if not used, binding to localhost, use tcpwrappers.. that sort of 
> thing.

Of course.  This is implicit.  But closing everything is best, to avert 
investigative activity.

Carl Cook


<Prev in Thread] Current Thread [Next in Thread>