It is of course highly recommended to figure out a way to use the firewall in the router in IPv6 mode too.... Changing your setup to local fws only makes you both more vulnerable to attack and the total setup much harder to manage....
In a worst (or best depends on how you look at it) case scenario I would even say put a computer with 2 NICs between your network and the Internet and set up iptables/nftables/your favorite firewall there... (I wonder if a Raspberry Pi would be able to pull that off)

Regards,
Eliyahu - אליהו

2016-01-28 16:49 GMT+02:00 Omer Zak <w...@zak.co.il>:

> On Thu, 2016-01-28 at 15:55 +0200, Beni Cherniavsky-Paskin wrote:
>
>> Brain dump & tips on starting with IPv6 [I imagine Shachar knows all
>> this but for others, including future me ;-]:
>
> A nice brain dump!
>
> To complement the brain dump, I'd like to see advice, from anyone who
> has experience with this, about securing the hosts against intruders via
> both IPv4 and IPv6 - in other words, per host firewall.
>
> The reasons for this are:
> 1. The firewall in Bezeq's router is turned off in Beni's setup.
> 2. Those of us, who are not willing to switch to Xfone yet wish to
> breathe the IPv6 pixie dust, will need to use IPv6 over IPv4 tunnelling.
> It means that the computer running the tunnel will need an IPv6 firewall
> around the local tunnel's endpoint.
>
> Another piece of advice desired is as follows.
> How to configure the home network so that:
> 1. It'll use IPv6 internally.
> 2. Communicate with the outside world via both IPv4 and IPv6 tunnel.
> 3. When your ISP finally starts to support IPv6, switching the home
> network to pure IPv6 would be piece of cake.
>
> --- Omer
>
>
> --
> According to Jean Boutcher, I am "a baby man, whining".
> My own blog is at http://www.zak.co.il/tddpirate/
>
> My opinions, as expressed in this E-mail message, are mine alone.
> They do not represent the official policy of any organization with which
> I may be affiliated in any way.
> WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
>
>
> _______________________________________________
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il