Hi,
[As I changed the subject, let me clear: IPv6 still compiled in the kernel. Just the network interfaces configs
that should come with IPv6 disabled by default, if the user wants it should be easy to enable]
exactly *that* is my point
it is ridiculous that i bave a clearly static ipv4 config
using network.service as well as "ipv6disable=1" as kernel
param and on a F19 machine with 3.10.0-1.fc20.x86_64 eth0
comes up with "inet6 fe80::20c:29ff:fe30:82b9"
this is not a matter of ipv6 security / yes / no / don't know
it is a matter of if ipv6 would make sense for the network
and would enable and *properly* configure it but this is
not the case because the gateway is for sure not ipv6 capable
i do not need to see any ip-address (ipv4 or ipv6) on a
statically interface which was not explicitly configured
Having a smarter ifconfig / ip tool or ethernet device driver would be a
way to implement my proposal.
But, by the IPv6 RTFs, just having IPv6 enabled means there is an IPv6
address for that interface. IPv6 provides local auto-configuration for
network intefaces, without DHCP or any other infrastrucure being present.
That's one thing that creates security risks: you don't know you could
be reached by that address.
So, ifconfig or ip or whatever would have to disable IPv6 for any
interface that does not having an explicit IPv6 address. I'd think it
would be easier to have the default eth*-cfg files and Network Manager
disable IPv6 unless the user tells them to enable.
[]s, Fernando Lozano
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
