Hi there! The recommended way to implement IPv6 in a network while IPv4 is still alive is double stack. In a network where all have DNS records, double stack means that each FQDN has an A reg. and an AAAA reg.
So, deploying a DNS-based firewall forces you to duplicate the ruleset, first for iptables/ip6tables and then for ipset family inet/ipset family inet6.
The question is: does anyone know a program, framework, script, method or whatever to face this situation?
I'm talking about an 'abstraction' method that hides the differences between iptables/ip6tables, as long as one is almost always using FQDNs with both DNS regs to configure the ruleset.
Best regards.
--
Arturo Borrero González
Departamento de Seguridad Informática, @NIS_CICA (twitter)
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 600 / FAX: +34 955 056 650
Consejería de Economía, Innovación, Ciencia y Empleo
Junta de Andalucía
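A sketch of the kind of abstraction the message above asks about, added here as an example and not part of the original post or of any existing tool: rules keyed by FQDN, with no address family mentioned, are expanded into matching ipset/iptables and ipset/ip6tables commands. The rule format, the names `expand`, `set_name` and `sample_resolve`, and the DNS data are assumptions constructed for illustration; a real deployment would plug in a resolver that queries the A and AAAA records.

```python
import ipaddress

# Constructed sample data: stands in for A/AAAA lookups so the example runs offline.
SAMPLE_DNS = {
    "www.example.org": ["192.0.2.10", "2001:db8::10"],
    "legacy.example.org": ["192.0.2.20"],  # host with an A record only
}

# Hypothetical family-agnostic rules: one entry per FQDN.
SAMPLE_RULES = [
    {"fqdn": "www.example.org", "chain": "INPUT", "proto": "tcp", "dport": 443, "target": "ACCEPT"},
    {"fqdn": "legacy.example.org", "chain": "INPUT", "proto": "tcp", "dport": 22, "target": "ACCEPT"},
]

# IP version -> (rule tool, ipset family, set-name suffix)
FAMILIES = {4: ("iptables", "inet", "v4"), 6: ("ip6tables", "inet6", "v6")}


def sample_resolve(fqdn):
    return SAMPLE_DNS[fqdn]


def set_name(fqdn, suffix):
    name = fqdn.replace(".", "_").replace("-", "_") + "_" + suffix
    if len(name) > 31:  # ipset set names are limited to 31 characters
        raise ValueError(f"set name too long for ipset: {name}")
    return name


def expand(rules, resolve):
    """Turn family-agnostic rules into commands for both stacks."""
    cmds = []
    for rule in rules:
        by_version = {4: [], 6: []}
        for addr in resolve(rule["fqdn"]):
            by_version[ipaddress.ip_address(addr).version].append(addr)
        for version, (tool, family, suffix) in FAMILIES.items():
            name = set_name(rule["fqdn"], suffix)
            # Create the set even when it is empty, so the rule exists in both
            # stacks and a later DNS refresh only has to add members.
            cmds.append(f"ipset create {name} hash:ip family {family} -exist")
            for addr in by_version[version]:
                cmds.append(f"ipset add {name} {addr} -exist")
            cmds.append(
                f"{tool} -A {rule['chain']} -p {rule['proto']} --dport {rule['dport']} "
                f"-m set --match-set {name} src -j {rule['target']}"
            )
    return cmds


if __name__ == "__main__":
    print("\n".join(expand(SAMPLE_RULES, sample_resolve)))
```

Because the rules reference sets rather than literal addresses, refreshing the sets after a DNS change does not require touching the iptables/ip6tables rules.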