Disabling ipv6

Chris Adams linux at cmadams.net
Thu Jul 11 18:12:09 UTC 2013


Once upon a time, Fernando Lozano <fernando at lozano.eti.br> said:
> If NAT prevents anyone on the internet from trying to connect to my
> computer, this is increased security. After all, don't we configure
> firewalls exactly to prevent unwanted connections?

Use the firewall, ditch the NAT.  NAT does not increase security over a
firewall.  In some cases, NAT prevents a user from accessing the
Internet, rather than the other way around.

> NAT is a fact today, has been for years, and people have been using
> Bittorrent and Skype regardless.

And sometimes they (and other applications) don't work, because of
things like layered NAT.

> For home users and SMBs, NAT is something that was taken care of.
> IPv6 is a whole new bunch of risks. I am not against IPv6 per se. I
> am against wide use of IPv6 right now. Let it mature.

How will it "mature" if nobody tries it?  Fedora is a leading-edge
operating system, and full IPv6 support is part of that.

> >As IPv4 runs out, some ISPs are turning to "Carrier Grade NAT", which
> >adds layers of NAT that break things like P2P applications and IPSec.
> I'll happily trade IPSec for OpenVPN. ;-)

That's nice, but in the real world, users have to connect to VPNs
configured by others (and many businesses need hardware VPN
concentrators, which OpenVPN won't work with).

> To just use the network they need only IPv4.

That is not true in some places (and the number of such places is
increasing all the time).

> They don't need the
> security risks that current IPv6 implementation and default
> configurations add. Today, IPv6 is far from "just works". You are
> advocating using all end users as guinea pigs for IPv6 evolution. I
> advocate evolving IPv6 before exposing end users to it.

You are several years behind the curve on IPv6.

You keep talking about IPv6 security risks (over IPv4), but haven't
cited any.

IPv6 does "just work" in many places; there are a lot of people that are
using IPv6 and don't even know it (because they don't need to know; they
just want to get to Facebook/Gmail/etc.).  Fedora (and most Linux
distributions I believe) have had IPv6 enabled-by-default for years; so
have Mac OS X and Windows (even XP since IIRC SP2 will get an IPv6
autoconf address and use IPv6 transparently).

Whether you like it or not, IPv6 is here today and is here to stay.
There is no practical alternative.  Will there be bugs?  Yes, of course;
people are still finding IPv4 bugs as well.
-- 
Chris Adams <linux at cmadams.net>
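
The "use the firewall, ditch the NAT" setup argued for above, as an added example that is not part of the original post: an nftables ruleset for an IPv6 router that refuses unsolicited inbound connections through connection tracking alone, with no address translation. The interface names `lan0` and `wan0` are assumptions; adjust them to the actual LAN and uplink interfaces.

```nft
#!/usr/sbin/nft -f
# Added example: stateful IPv6 filtering without NAT.
# Assumed interface names: lan0 (inside), wan0 (uplink).

table ip6 filter {
    chain forward {
        # Default-deny for routed traffic: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that LAN hosts opened. This state table is what
        # actually stops unsolicited inbound traffic behind a NAT gateway too.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open new connections outward.
        iifname "lan0" oifname "wan0" ct state new accept

        # ICMPv6 errors must pass or Path MTU discovery breaks
        # (IPv6 routers do not fragment in transit).
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # No rule accepts new connections arriving on wan0, so they are dropped.
    }

    chain input {
        # Traffic addressed to the router itself.
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Neighbor discovery and router advertisements are required for
        # IPv6 to function on a link at all.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert } accept
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem, echo-request } accept

        # Management access from the inside only.
        iifname "lan0" tcp dport 22 accept
    }
}
```

`nft -c -f <file>` checks the ruleset's syntax without loading it.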

