On 09/10/2016 04:28 PM, Rüdiger Meier wrote:
That might be a possibility for accidental misconfigurations. But it
doesn't address the overall security of an IPv6-only network that might contain a bad actor or two. Maybe you are overvaluing the "ipv4 security". What would happen within your LAN if you had two dhcp servers? Is your network protected against arp-spoofing?
Very true, Rüdiger. But isn't it also true that IPv4, being a simpler protocol, is easier to lock down? After all, you have to "enable" dhcp in IPv4, while you have to "disable" RA in IPv6. dhcp was added to v4, while RA was baked into v6.
I don't see that ipv6 has any issue which is not an issue on IPv4 too. For me it looks like your only real problem are these particular existing multiple ipv6 routers within your LAN. I guess if you really want to be more secure then you would also need to review your ipv4 setup.
If you are happy with usual ipv4/dhcp setup then you should also be happy with ipv6/dhcpv6 (disable ipv6 autoconfig).
Indeed. What exactly does net.ipv6.conf.all.autoconf=0 disable? Neighbor discovery? Router advertisements? Would there be any side effects? Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org