ip6tables and multiple possible source addresses

Gert Doering gert at space.net
Wed Jan 18 10:50:13 CET 2012


On Tue, Jan 17, 2012 at 05:04:00PM -0800, Tom Perrine wrote:
> When writing a host-specific ip6tables rule, which address do you need 
> to list? All of the possible Global Scoped addresses?

Maybe this is an indication that host-specific ipv6 firewall rules for
"only certain hosts in an otherwise non-trusted /64 subnet" is a stupid
idea right from the start...

Of course it's completely unheard-of that evil host A could impersonate
trusted host B's address to circumvent these rules.

Gert Doering
        -- NetMaster
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
