Hey guys,

The current systemvm has IPv6 enabled including autoconfiguration. This means 
that if the machine is placed in an IPv6 enabled network (or somebody starts 
sending router advertisements) the VMs based on the system vm will 
autoconfigure the interface. This means a possible way to bypass the installed 
firewall as the IPv6 firewall is set to accept everything opposite to the IPv4 
firewall which is restricted.

My proposal is to include the following in sysctl.conf (at least until we 
properly support IPv6):
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.autoconf = 0

If no objections I would like to commit this change.

Cheers,

Hugo
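
A way to confirm the proposed values are in effect on every interface, as an added example that is not part of the original mail. The mail sets only the `all` keys, so this check reads each interface's own entry; the function name `audit_ipv6_conf` is an assumption, and the directory to audit is passed as an argument (on a live Linux host, `/proc/sys/net/ipv6/conf`).

```shell
#!/bin/sh
# Added example: compare the effective IPv6 sysctls of every interface entry
# (including "all" and "default") with the values proposed in the mail.
# Usage on a live host: audit_ipv6_conf /proc/sys/net/ipv6/conf
# Prints one line per deviation; returns 0 only if nothing deviates.
# If the directory has no entries (no IPv6 in the kernel), it returns 0.
audit_ipv6_conf() {
    conf_root=$1
    rc=0
    for dir in "$conf_root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # key=value pairs taken from the sysctl.conf lines in the mail
        for pair in disable_ipv6=1 forwarding=0 accept_ra=0 \
                    accept_redirects=0 autoconf=0; do
            key=${pair%%=*}
            want=${pair#*=}
            file="$dir$key"
            if [ ! -r "$file" ]; then
                echo "MISSING  $iface $key"
                rc=1
                continue
            fi
            got=$(cat "$file")
            if [ "$got" != "$want" ]; then
                echo "MISMATCH $iface $key: got $got, want $want"
                rc=1
            fi
        done
    done
    return $rc
}
```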
