On Sat, Mar 31, 2012 at 3:24 PM, Peter Eckel <lists@xxxxxxxxxxxx> wrote:
>
>> If the addresses are auto-discovered, how are you supposed to be able to configure filtering rules for what you want to let through?
>
> very simply.
>
> 1. Each interface on an IPv6 enabled machine has several addresses. One of them is the autoconfigured address, one is the (a) Privacy Extension address, and then you can still configure addresses manually. Obviously the latter method is the right choice for servers.
>
> 2. Except for the Privacy Extension address(es), auto-configured addresses are static (although virtually unmemorisable) as long as the prefix and the host's MAC address are. So there is a static address that you can put into your DNS and configure on your firewall.
How do applications choose the correct outbound address in that
scenario? That has always been a problem when using multiple ipv4
addresses on the same interface in combination with firewalling, etc.
where the source address matters.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
