Jason Dixon wrote on Sun, Dec 17, 2006 at 03:17:01PM -0500:
> On Dec 17, 2006, at 2:51 PM, carlopmart wrote:
>> Yes, my security staff orders to disable IPv6 protocol
>> on all our firewalls ...
> Your security staff is clueless.
> I bet they like to block icmp echo-request too.

If they really force you to conform to that kind of "security staff orders", minimize the breakage by using pf(4) - and pf only.

In particular, do refrain from rolling your own kernel to remove IPv6. If I remember correctly, the last time INET6 #ifdefs needed correction for -current in CVS was about a week ago. Correctness and reliability of IPv6-disabled kernels is not regarded as a high priority issue - but you might wish for maximum correctness and reliability of your firewalls.