Mailinglist Archive: opensuse (1599 mails)

< Previous Next >
Re: [opensuse] Practicalities of IPv6
On Sun, 2009-10-25 at 14:23 +0100, Per Jessen wrote:
Hans Witvliet wrote:

It means that in the early days of migration (specially if people are
not aware of providers suddenly present a dual stack to their
customers) will find their network highly exposed.... (imho that's the
main reason for getting your feet wet early)

Is that a _real_ issue to worry about, Hans? If a customer is
IPv4-only, and his provider decides to offer IPv6 too without telling
the customer, I don't see that changing anything for the customer. His
network equipment isn't just going to switch into dual-stack just like
that.
For instance, my provider set up IPv6 on my ADSL line Thursday night,
and didn't tell me until Friday morning. I can assure you it did not
affect my site security at all.

I think so.
Systems can have their dhcp-set-up in different ways: IPV4-ONLY,
IPV6-ONLY and both IPv4 AND IPv6.
As long as your provider only hands out v4 addresses, all works well,
and the client just keeps on polling for ever.
But as soon as your ISP "sees the light" and gives you both an v4 AND
and v6 address, and your v6 rule-set is "accept anyone from anywhere"
you might (!) end up in shit-creek. <<<<<< find your system compromised.
Unless you have your ip6tables rule set changed to default
drop-anything, which implies that one has started to think/do something
with IPv6, which was the main issue i made.

Oh, btw, it also solves the problem of having multiple apache
ssl-vhosts.

I was just reading an article about that in the most recent c't
(#23 - "SSL fuer virtuelle Server"). It mentions something called "TLS
Server Name Indication" - seems like Apache has had support since
2.2.12.

yes, there are some workarounds, with address-mod-rewrite, but then you
use one certificate, for all webservers. And with IPv6 you simple can
give all webservers their own legitimate certificate.

hw
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups