Ok, a few points here. First, as a network engineer, everyone I work with and know prefers V6 by a long shot. The finding of individual addresses is no harder on V6 than V4, you can display your MAC table the same way. The routers usually have separate V4 and V6 RIBs as well so your V4 doesn’t mix with your V6 and your MPLS VPN routes are yet again separate etc. You use the same BGP and filtering mechanisms as V4 so that translates pretty nicely.

One thing you can do in the notation is all the 0 fields can be represented with 2 :: marks. Something like 2001:4860:4860:0000:0000:0000:0000:1001 can be expressed as 2001:4860:4860::1001. The zeros need to be in contiguous blocks however and you can only do the substitution once per address block. The auto configuration feature is nice also. You don’t necessarily need to run a DHCP server to have machines self address which is very nice.

I’ve never had problems banning IP addresses in V6 form but I’ve used more advanced methods like RTBH using uRPF loose mode and changing the next hop to null 0 by using BGP communities or with BGP flow spec where you craft a firewall filter based on the specific address and publish that to your edge routers as part of the BGP session.
Fail2Ban is quite good. My understanding is though it works with IP tables so you’d use both. When fail2ban jails an IP it drops an entry in the specific section of the IP tables rules. Admittedly though, I am a network engineer first and a decent Unix guy second but my strongest skills are around routing and switching so I could be a little off with the systems level stuff.

> On May 11, 2017, at 2:12 PM, Daniel Chavez <topdog2...@gmail.com> wrote:
>
> Good day list,
> Most System Admins, myself included, prefer IPV4 because it's a lot of what
> most providers support, plus tracking down machines that utilize IPV4 tends
> to be less stress on us.
> As far as IPV6 masks, they come in the form of letter:number:letter:number,
> so banning them can be quite difficult, if not next to impossible, in certain
> situations.
> I do both Network and server administration and have been doing so for at
> least 10 to 15 years, and I can say that by using either IPTables and/or
> Fail2ban, they both have strengths and weaknesses, though if it were me, I
> like fail2ban myself. As IPTables gets the job done, it's rarely updated at
> least on CentOS, while Fail2ban happens to be updated quite a bit more often.
> On cPanel servers, especially, Fail2ban ties into IP tables while also
> providing its own level of protection which I find to be nice.
> If I had a client server I, too, could pull a fail2ban config file, but I
> don't have access right now to a server.
>
> --
> The following information is important for all members of the Mac Visionaries
> list.
>
> If you have any questions or concerns about the running of this list, or if
> you feel that a member's post is inappropriate, please contact the owners or
> moderators directly rather than posting on the list itself.
>
> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at:
> macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you
> can reach Cara at caraqu...@caraquinn.com
>
> The archives for this list can be searched at:
> http://www.mail-archive.com/macvisionaries@googlegroups.com/
> ---
> You received this message because you are subscribed to the Google Groups
> "MacVisionaries" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to macvisionaries+unsubscr...@googlegroups.com.
> To post to this group, send email to macvisionaries@googlegroups.com.
> Visit this group at https://groups.google.com/group/macvisionaries.
> For more options, visit https://groups.google.com/d/optout.
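An added example, not part of the original messages: the same IPv6 address can be written several ways (the `::` shorthand described in the reply above), so a ban list that compares text can miss a repeat offender. This sketch uses Python's standard `ipaddress` module to normalise addresses before counting and matching; the log lines are constructed and the `BanList` helper is hypothetical, and it goes slightly beyond the thread by also matching whole prefixes.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines: one IPv6 client written three different ways.
SAMPLE_LOG = [
    "Failed password for root from 2001:0DB8:0000:0000:0000:0000:0000:0001 port 50122",
    "Failed password for root from 2001:db8::1 port 50123",
    "Failed password for admin from 2001:db8:0:0::1 port 50124",
    "Failed password for admin from 2001:db8::1::2 port 50125",  # invalid: two "::"
    "Failed password for root from 192.0.2.7 port 50126",
]

def canonical(text):
    """Parse an address and return its single compressed text form."""
    return ipaddress.ip_address(text.strip()).compressed

def count_failures(lines):
    """Count failures per address after normalising the notation."""
    hits = Counter()
    for line in lines:
        m = re.search(r" from (\S+) port ", line)
        if not m:
            continue
        try:
            hits[canonical(m.group(1))] += 1
        except ValueError:
            hits["<unparseable>"] += 1  # e.g. more than one "::" in the address
    return hits

class BanList:
    """Hypothetical helper: stores banned addresses or prefixes as networks."""
    def __init__(self):
        self.networks = []

    def ban(self, text):
        # strict=False: "2001:db8::1/64" bans the enclosing 2001:db8::/64
        self.networks.append(ipaddress.ip_network(text.strip(), strict=False))

    def is_banned(self, text):
        try:
            addr = ipaddress.ip_address(text.strip())
        except ValueError:
            return False  # not a valid address, nothing to match
        return any(addr.version == n.version and addr in n for n in self.networks)

if __name__ == "__main__":
    print(canonical("2001:4860:4860:0000:0000:0000:0000:1001"))
    print(count_failures(SAMPLE_LOG))
```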