On Mon, Jul 30, 2012 at 7:20 AM, Hugo Trippaers <htrippa...@schubergphilis.com> wrote:
> Hey guys,
>
> The current systemvm has IPv6 enabled including autoconfiguration. This means
> that if the machine is placed in an IPv6 enabled network (or somebody starts
> sending router advertisements) the VMs based on the system vm will
> autoconfigure the interface. This means a possible way to bypass the
> installed firewall as the IPv6 firewall is set to accept everything opposite
> to the IPv4 firewall which is restricted.
>
> My proposal is to include the following in sysctl.conf (at least until we
> properly support IPv6):
> # Disable IPv6
> net.ipv6.conf.all.disable_ipv6 = 1
> net.ipv6.conf.all.forwarding = 0
> net.ipv6.conf.all.accept_ra = 0
> net.ipv6.conf.all.accept_redirects = 0
> net.ipv6.conf.all.autoconf = 0
>
> If no objections I would like to commit this change.
>
> Cheers,
>
> Hugo

+1 - This seems pretty important to fix.
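
A check for the five settings proposed in the quoted message, as an added example that is not part of the thread or of the project's code. It goes beyond the proposal by also reading the same keys for every interface entry under conf/, not only `all`; the function name and the optional root argument are assumptions made so the check can run against a constructed tree.

```shell
#!/bin/sh
# Added example, not from the thread. Expected values are the five settings
# proposed above, keyed by file name under net/ipv6/conf/<iface>/.
EXPECTED="disable_ipv6=1 forwarding=0 accept_ra=0 accept_redirects=0 autoconf=0"

# audit_ipv6_sysctl [root]
#   root defaults to /proc/sys; the argument is an assumption of this example
#   so the audit can be pointed at a constructed directory tree.
# Prints "<iface> <key> got=<value> want=<value>" for every deviation.
# Returns 0 if all values match, 1 on any deviation, 2 if the tree is missing.
audit_ipv6_sysctl() {
    conf="${1:-/proc/sys}/net/ipv6/conf"
    bad=0
    if [ ! -d "$conf" ]; then
        echo "no IPv6 sysctl tree at $conf"
        return 2
    fi
    for dir in "$conf"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        iface=$(basename "$dir")           # all, default, lo, eth0, ...
        for pair in $EXPECTED; do
            key=${pair%%=*}
            want=${pair#*=}
            if [ -r "$dir$key" ]; then
                got=$(cat "$dir$key")
            else
                got="unreadable"
            fi
            if [ "$got" != "$want" ]; then
                echo "$iface $key got=$got want=$want"
                bad=1
            fi
        done
    done
    return $bad
}

# Typical use on a running system VM:
#   audit_ipv6_sysctl || echo "IPv6 settings differ from the proposal"
```
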