Date: Sat, 20 Apr 2002 11:02:29 +0200 From: Peter Bieringer
1) basic firewalling can be done using simple portfilters like in earlier IPv4 days or advanced (dynamic) portfilters like today some commercial and open source firewalls do.
Currently known for IPv6: * Cisco routers with static portfilters * BSD ipfiter (don't know about state support) * Linux netfilter (state support experimental)
2) if no firewalling is done, but IPv6 access is established, in fact a client is complete "IPv6-open" to the Internet, even if protected by IPv4 firewalls.
As the SuSE kernel and some SuSE server packages have IPv6 enabled by default, I want to be sure that my SuSEfirewall2 is protecting these running servers. What rules/chains should I look for? Do I need to add custom rules? (In my case I don't want to expose any of them to the dial-up interface. I use sshd over v6 on internal ethernet but only for convenience of configuration, I could switch to ipv4 if I need) I guess I also need to explore nessus or nmap docs to see if I can set up a laptop to test the ppp interface of my little home gateway/server/workstation for ipv6 connectivity. dproc