ip6tables and multiple possible source addresses
Gert Doering
gert at space.net
Wed Jan 18 10:50:13 CET 2012
Hi,
On Tue, Jan 17, 2012 at 05:04:00PM -0800, Tom Perrine wrote:
> When writing a host-specific ip6tables rule, which address do you need
> to list? All of the possible Global Scoped addresses?
Maybe this is an indication that host-specific ipv6 firewall rules for
"only certain hosts in an otherwise non-trusted /64 subnet" is a stupid
idea right from the start...
Of course it's completely unheard-of that evil host A could imperson
trusted host B's address to circumvent these rules.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the ipv6-ops
mailing list