[wellylug] Debian message
Daniel Pittman
daniel at rimspace.net
Sat Oct 10 18:56:20 NZDT 2009
John Durham <john.modec at xtra.co.nz> writes:
> Daniel Pittman wrote:
>> Lee Begg <llnz at paradise.net.nz> writes:
>>> On Sat, 10 Oct 2009 15:40:43 John Durham wrote:
>>>
>>>> I just started up my Debian web server after a few days down. The domain
>>>> name was being renewed, so the hardware took a rest for a while. It
>>>> produced this message: etth0: No IPV6 routers present.
[...]
>> The one thing I would note is that this indicates that IPv6 is enabled on the
>> server. Aside from the router stuff, there will *also* be an automatically
>> generated link-local IPv6 address.
>>
>> This means that any other machine on the same physical network segment can
>> talk to your server via IPv6, and your IPv4 firewall will not have any
>> influence over that.
>>
>> This may, or may not, be a problem, but it is better that you are aware of the
>> situation so you can assess the (lack of) risk for yourself.
>
> This is the first suggestion I've heard abut such a possibility. Would
> hardly know where to start looking for data about it.
You can read about IPv6 here: http://en.wikipedia.org/wiki/Ipv6
The "stateless autoconfiguration" and "link-local addresses" segments will
document the nature of the traffic stuff.
Beyond that, ip6tables is the equivalent tool to iptables, and shares an awful
lot of firewall stuff in recent kernel versions. You should, at works, be
able to simply block all IPv6 traffic, worst case.
Daniel
--
✣ Daniel Pittman ✉ daniel at rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
Looking for work? Love Perl? In Melbourne, Australia? We are hiring.
More information about the wellylug
mailing list