Re: [Openstack] DHCP for IPv6

Mon, 02 Oct 2017 09:28:50 -0700

BTW, the networking guide does mention this, found after Steve figure out what the problem was. 

https://docs.openstack.org/ocata/networking-guide/config-ipv6.html#configuring-interfaces-of-the-guest

-Brian

On 09/28/2017 08:49 PM, Jorge Luiz Correa wrote:

Thanks for explain Jeremy! Very clear.

I think systems with cloud-init enabled, like most images, can be easily 
configured to disable this feature.

Thank you!
:)


On 28 Sep 2017, at 21:37, Jeremy Stanley <fu...@yuggoth.org> wrote:

On 2017-09-28 20:29:38 -0300 (-0300), Jorge Luiz Correa wrote:

It would be good if developers could know about that because
privacy extension is becoming the default on every operate
systems. I've tested last version of *ubuntu and some FreeBSD
kernels, all operating with privacy extension by default.

So, this way of creating the iptables rules need to be reviewed.

[...]

To accommodate privacy extensions, we'd basically have to give up on
any assumptions as to what the viable source addresses originating
on a port could be (at least within the netmask). This filtering is
the primary mechanism for preventing address spoofing within a
shared network.

By comparison, RFC 4941 privacy extensions are primarily a
protection for desktop/mobile client systems and do little (if
anything) useful for a statically-addressed server. Disabling it
there makes a lot of sense to me, as a privacy/security-conscious
sysadmin.
--
Jeremy Stanley
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack



_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack



_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to