Re: Disable IPv6 by default.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2007-09-13 at 18:41 -0400, Chuck Anderson wrote:
> On Fri, Sep 14, 2007 at 12:38:04AM +0200, David Woodhouse wrote:
> > On Thu, 2007-09-13 at 22:12 +0200, Till Maas wrote:
> > > It circumenvents iptables rules. 
> > 
> > IPv6 doesn't 'circumvent' iptables rules any more than IPv4
> > 'circumvents' ip6tables rules.
> > 
> > Besides, http://www.advogato.org/person/dwmw2/diary/164.html
> 
> +1.  Firewalls just break connectivity and are a handicap that enables 
> people to be lazy about system security.  And don't get me started on 
> NAT :-)

-1. Firewalls are a mandatory access control system like SELinux. Their
purpose is to prevent (certain kinds of) connectivity outside of the
services they are shielding. You can easily log blocked connection
attempts.

Following your argument, one could say that "SELinux just breaks
functionality and is a handicap that enables developers to be lazy about
system security". Which it isn't. Both are additional lines of defense.

Nils
-- 
     Nils Philippsen    /    Red Hat    /    nphilipp@xxxxxxxxxx
"Those who would give up Essential Liberty to purchase a little Temporary
 Safety, deserve neither Liberty nor Safety."  --  B. Franklin, 1759
 PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux