On 06/25/12 23:03, Alex Efros wrote: > > Correct me if I'm wrong, but enabling IPv6 mean needs in supporting two > different routing tables and two different firewalls. Also, I suppose > enabling IPv6 on any server/router with non-trivial IPv4 firewall rules > may (and probably will!) result in creating new security holes until admin > will develop IPv6 firewall rules similar to existing IPv4 firewall rules. > And I suppose just trying to duplicate existing rules as is won't be > enough because of new IPv6-specific features, which is absent in IPv4, > and which should be additionally blocked/enabled too.
This is where I'm at -- being in the USA, I'll probably be long dead before our upstream supports ipv6. I don't even know enough about ipv6 to know what I don't know, so the only safe course is to have it disabled. It's easy enough to set USE="-ipv6" manually of course, but the same argument works for USE="ipv6". So, I think the default should be what most people want; i.e. what the fewest people will have to override. Do most hardened machines use ipv6?
