On Tue, Mar 01, 2005 at 07:44:37AM -0600, Quantum Scientific wrote:
> Also one must become an ip6tables expert in order to have a reasonably secure
> firewall, because ip6tables and 6tables are dead, and Shorewall does not
> support IPV6 security for some reason. Another deterrant.
I have to oppose that statement. ip6tables is not dead, it's alive.
We're even at the brink of submitting nf_conntrack, the new connection
tracking engine that covers ipv4 and ipv6, to the mainline kernel.
I'm running a number of ipv6 packet filters, and as of now we are not
aware of any known issues or bugs in the current ip6tables code base.
--
- Harald Welte <laforge@xxxxxxxxxxxx> http://gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
signature.asc
Description: Digital signature
|