Mailinglist Archive: opensuse (1599 mails)

< Previous Next >
Re: [opensuse] ipv4 Firewalls & ipv6: ipv6 encapsulate in ipv4 -> security hole?
  • From: James Knott <james.knott@xxxxxxxxxx>
  • Date: Mon, 26 Oct 2009 07:40:32 -0400
  • Message-id: <4AE58AB0.7010307@xxxxxxxxxx>
Linda Walsh wrote:
Adam Tauno Williams wrote:
That is the purpose of a firewall.
Speaking of do exsiting ipv4 firewalls interact
with IPV6?

Many of the ipv6 solutions I see use ipv4 some for of
encapsulation to get across "ipv6-dead zones".

So isn't that an open path into your network if your firewall
is ipv4 only? Or are all firewalls easily upgraded to ipv6?...

I'm a bit unclear on this -- seems like opening ipv6 inside my
ipv4 network is a potentially large and "unmonitorable" security hole,
since I can't even see the address as the firewall.

Even WinSP3 when it comes up appears to try to connect to MS ipv6
registration services through my existing ipv4 http proxy!...
I shut that down, not knowing exactly what it was doing, but not
feeling comfortable, just the same.

This would appear to require buying all new (read,
'*expensive*, if it includes IPV6, because it is not 'required' nor
the 'norm' -- mostly likely) firewall hardware.
Has anyone had any experience in this area?

While I haven't used OpenSUSE's firewall with IPv6, virtual NICs, such
as VPN or tunnel endpoints can be seen as just another NIC that the
firewall works with.

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups