Mailinglist Archive: opensuse (1599 mails)

< Previous Next >
[opensuse] ipv4 Firewalls & ipv6: ipv6 encapsulate in ipv4 -> security hole?
  • From: Linda Walsh <suse@xxxxxxxxx>
  • Date: Sun, 25 Oct 2009 20:44:33 -0700
  • Message-id: <4AE51B21.9000507@xxxxxxxxx>
Adam Tauno Williams wrote:
That is the purpose of a firewall.
---
Speaking of which...how do exsiting ipv4 firewalls interact
with IPV6?

Many of the ipv6 solutions I see use ipv4 some for of encapsulation to get across
"ipv6-dead zones".

So isn't that an open path into your network if your firewall
is ipv4 only? Or are all firewalls easily upgraded to ipv6?...

I'm a bit unclear on this -- seems like opening ipv6 inside my ipv4 network is a
potentially large and "unmonitorable" security hole, since I can't even see the
address as the firewall.

Even WinSP3 when it comes up appears to try to connect to MS ipv6 registration services through my existing ipv4 http proxy!...
I shut that down, not knowing exactly what it was doing, but not
feeling comfortable, just the same.

This would appear to require buying all new (read,
'*expensive*, if it includes IPV6, because it is not 'required' nor the 'norm' -- mostly likely) firewall hardware.
Has anyone had any experience in this area?

-linda
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >