ipv6disable=1 as boot-param ignored (F20 3.10 kernel)
Reindl Harald
h.reindl at thelounge.net
Sat Jul 13 23:55:22 UTC 2013
Am 14.07.2013 01:43, schrieb Joe Zeff:
> On 07/12/2013 09:36 AM, Reindl Harald wrote:
>> coming up with a "link-local" address inside a network
>> which is *pure ipv4* on a server means *any* random
>> device which does the same may bypass all your firewall
>> rule ssince iptables and ip6tables are two different
>> services
>
> It might be a good idea, then, to configure ip6tables to deny
> everything and enable it just to be sure
and *that* is what is plain wrong
if you do not need smb/nfs/afp you simply do not start samba, nfsd
and netatalk and not block the started services in the firewall
hence on a sane and specific amchine you should not need to enable
any firewall at all if you can disable any type of network specific
service except them which would be open anyway because the machines
role as a public webserver as example
these are principles for network-administration and this thread
was *not* intented to discuss about disable ipv6 completly nor
the other direction - it had a very simple question until the
first reply came
and that is why on a *static*, only ipv4 configured interface should
not be a link-local address
since i have enough of this threads subject and content multiple
changed by evangelists i restored it now - and i am the one
who violates the etiquette? ridiculous if someone looks at
this thread in tree-view
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130714/52f26259/attachment.sig>
More information about the users
mailing list