Date: Sat, 20 Apr 2002 11:02:29 +0200 From: Peter Bieringer <pb@bieringer.de>
1) basic firewalling can be done using simple portfilters like in earlier IPv4 days or advanced (dynamic) portfilters like today some commercial and open source firewalls do.
Currently known for IPv6: * Cisco routers with static portfilters * BSD ipfiter (don't know about state support) * Linux netfilter (state support experimental)
2) if no firewalling is done, but IPv6 access is established, in fact a client is complete "IPv6-open" to the Internet, even if protected by IPv4 firewalls.
As the SuSE kernel and some SuSE server packages have IPv6 enabled by default, I want to be sure that my SuSEfirewall2 is protecting these running servers. What rules/chains should I look for? Do I need to add custom rules? (In my case I don't want to expose any of them to the dial-up interface. I use sshd over v6 on internal ethernet but only for convenience of configuration, I could switch to ipv4 if I need) I guess I also need to explore nessus or nmap docs to see if I can set up a laptop to test the ppp interface of my little home gateway/server/workstation for ipv6 connectivity. dproc