| To: | netdev@xxxxxxxxxxx |
|---|---|
| Subject: | Re: Kernel 2.6 IPV6 Busted |
| From: | Quantum Scientific <Info@xxxxxxxxxxxxxxx> |
| Date: | Tue, 1 Mar 2005 17:59:53 -0600 |
| Helo: | PowerMAC |
| In-reply-to: | <4224E3A1.5090003@xxxxxxxx> |
| References: | <200502270928.44402.Info@xxxxxxxxxxxxxxx> <200502271220.06560.Info@xxxxxxxxxxxxxxx> <4224E3A1.5090003@xxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | KMail/1.7.1 |
On Tuesday 01 March 2005 15:50, Andre Tomt wrote: > > Remember what my issue is: > > - I have a very tight firewall, > > - I ping6 out, > > - The firewall blocks the reply back, because the connection is stateless! > Never, ever, filter ICMP. Or at least be extremely careful doing so. You > may end up breaking things like PMTU and error notification mechanisms. Care to propose some rules? Maybe not. > Also on a per-system basis I tend to prefer to secure services rather > than firewall them; by for example just shutting them off/uninstalling > them if not used, binding to localhost, use tcpwrappers.. that sort of > thing. Of course. This is implicit. But closing everything is best, to avert investigative activity. Carl Cook |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: Kernel 2.6 IPV6 Busted, Quantum Scientific |
|---|---|
| Next by Date: | Re: [Lse-tech] Re: A common layer for Accounting packages, Paul Jackson |
| Previous by Thread: | Re: Kernel 2.6 IPV6 Busted, Andre Tomt |
| Next by Thread: | Re: Kernel 2.6 IPV6 Busted, Horms |
| Indexes: | [Date] [Thread] [Top] [All Lists] |