Re: Disable IPv6 by default.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2007-09-13 at 11:35 -0700, John Reiser wrote:
> For such users, leaving IPv6 enabled is a security risk. 

The default ip6tables are pretty restrictive, so if you leave them
unchanged because you don't think they matter or don't know about them
it's fairly safe. (Except for ssh port, see below. And yes, I understand
that the filter rules are not the only complaint regarding IPv6 and
security.)

There are other more low-hanging fruits, I think. My personal pet peeve
is the default enabled sshd. It's off on the live CD thankfully, but
will it be off on the Desktop spin too? A desktop machine with sshd
enabled by default without telling the user and the user having no idea
that their crappy password can be exploited remotely is a really bad
idea IMO.

Besides, I think even if you don't have IPv6 routed to your machine,
there are probably interesting use cases for the link local addresse.

Really -1 for disabling IPv6, Fedora is about progress, not workarounds.

/abo


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux