Fedora 10 Live CD services (all necessary?)
Chuck Anderson
cra at WPI.EDU
Thu Oct 9 17:29:33 UTC 2008
On Thu, Oct 09, 2008 at 07:15:27PM +0200, Valent Turkovic wrote:
> "That is why I believe that ALL services should be disabled, and then
> for each one there should be some kind of explanation why this service
> absolutely needs to be enabled. All the rest services should be left
> disabled by default."
Ok, so that is why I'm pointing out the importance of ip6tables
service. The name "service" is really a misnomer, because all the
"service" does is load a configuration file into the kernel. Nothing
remains running or listening to network sockets after ip6tables is
done loading the firewall rules.
> Fedora 9 had an option during install where you choose to use or not
> to use IPv6, I don't see that option in Fedora 10, why? If there is an
> option I would like to disabel IPv6, and also IPv6 iptables. If there
> is no option to disable IPv6 then as I wrote already "there should be
> some kind of explanation why this service absolutely needs to be
> enabled."
Even if you disable IPv6 during the install of Fedora, it does NOT
prevent the IPv6 network stack from loading into the kernel.
Link-local will still work. Stateless IPv6 Auto-Configuration for
local and global connectivity will still work. The only thing it does
is prevent manual static addressing or DHCPv6 from being configured.
> In a care that IPv6 can't be disabled in Fedora 10, as as previously
> possible in Feodra 9, then IPv6 should be turned on by default.
Why don't we provide an option to disable IPv4 by default? (Hint:
that was a rhetorical question). In any case, given the miniscule
costs associated with keeping ip6tables enabled by default, I believe
the benefits to protect against accidental exposure to other IPv6
hosts is worth it, especially given how easy it is to unknowingly get
IPv6 connectivity.
> Why do you only commend the "low hanging fruits" :) ie. services, what
> are your comments regarding other services on the list?
It is my self-appointed job to be vigilent about IPv6 :-) I do care
about the others on your list, but I'm sure others care enough about
them to comment as well.
More information about the devel
mailing list