On Thu, Jan 19, 2012 at 6:16 PM, Paul Hartman <paul.hartman+gen...@gmail.com> wrote:
> On Thu, Jan 19, 2012 at 4:32 PM, Mick <michaelkintz...@gmail.com> wrote:
>> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
>>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl <tansta...@libertytrek.org>
>>> wrote:
>>> > I have a reasonable grasp of how to use IP addresses etc with IPv4, but
>>> > every time I start reading about IPv6 I get a headache...
>>> >
>>> > Does anyone know of a decent tutorial written specifically to those who
>>> > have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
>>> > get bogged down in too many technical details, but simply explains what
>>> > you need to know to be able to transition to it and use it effectively
>>> > *and securely* - and/or how *not* to have to expose your entire private
>>> > network to the world (what IPv4 NAT protects you from)?
>>>
>>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
>>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
>>> sure I'm also not the most knowledgeable on this list wrt IPv6,
>>> either. Still, what would you like to know? (I can use your questions
>>> as fodder and experience for future presentations. ^^)
>>
>>
>> Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
>> the IPv4 iptable rules also for IPv6?
>
> short answer: yes :) ip6tables works exactly like iptables, but with
> IPv6 addresses.
>
> longer answer: probably, but it depends on what kind of rules you have
> and whether all services you offer (or consume, if you block outbound
> traffic) require both IPv4 and IPv6.
>
> On my server, my rules are simple and just consist of opening certain
> ports and dropping everything else. The rules are exactly the same for
> IPv4 and IPv6 in that case.

You do need to be a little more careful with ICMP, though. If you block all of ICMP, you break neighbor discovery and a few other (potentially less important on a server) things.

--
:wq
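
The ICMP caveat above, as an added example that is not part of the original thread: a "open certain ports, drop everything else" ruleset for ip6tables that still admits the ICMPv6 messages IPv6 depends on. The helper name `emit_ip6_rules` is hypothetical, and the choice of ICMPv6 types (error messages, echo request, and the neighbor discovery types 133-136) is an assumption about what a typical server needs, not something the posters specified.

```shell
#!/bin/sh
# Added example (not from the thread). emit_ip6_rules is a hypothetical helper
# that prints an ip6tables-restore ruleset: default-drop INPUT, the given TCP
# ports open, and the ICMPv6 types IPv6 needs in order to keep working.
emit_ip6_rules() {
    # Validate every port first so a bad argument never yields a partial ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'

    # ICMPv6 errors and ping: 1 destination unreachable, 2 packet too big
    # (path MTU discovery breaks without it), 3 time exceeded,
    # 4 parameter problem, 128 echo request.
    for t in 1 2 3 4 128; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done

    # Neighbor discovery: 133 router solicitation, 134 router advertisement,
    # 135 neighbor solicitation, 136 neighbor advertisement. These replace ARP,
    # so dropping them cuts the host off from its own link. Genuine ND packets
    # carry hop limit 255, so anything forwarded by a router cannot match.
    for t in 133 134 135 136; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done

    # The services this host offers (sample ports are passed by the caller).
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}
```

Running `emit_ip6_rules 22 443 | ip6tables-restore --test` as root parses the generated ruleset without committing it.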