Re: rmoption INET6

2007-03-28 Thread J.C. Roberts
On Wednesday 28 March 2007 16:41, John Brahy wrote: > So if I use GENERIC and then disable ipv6 is that a safe thing do to? > In light of the recent security issue and since I don't use ipv6 I > thought it would make the system more secure, but I definitely don't > want to make it unstable. John,

Re: rmoption INET6

2007-03-28 Thread Jason Crawford
On 3/28/07, John Brahy <[EMAIL PROTECTED]> wrote: So if I use GENERIC and then disable ipv6 is that a safe thing do to? In light of the recent security issue and since I don't use ipv6 I thought it would make the system more secure, but I definitely don't want to make it unstable. If you follo

Re: rmoption INET6

2007-03-28 Thread Peter Hessler
NO. Making changes to GENERIC makes it not-GENERIC. Block ipv6 in your pf.conf, don't edit the kernel config files. On 2007 Mar 28 (Wed) at 16:41:20 -0700 (-0700), John Brahy wrote: :So if I use GENERIC and then disable ipv6 is that a safe thing do to? In :light of the recent security issue an

Re: rmoption INET6

2007-03-28 Thread Darrin Chandler
On Wed, Mar 28, 2007 at 04:41:20PM -0700, John Brahy wrote: > So if I use GENERIC and then disable ipv6 is that a safe thing do to? In > light of the recent security issue and since I don't use ipv6 I thought it > would make the system more secure, but I definitely don't want to make it > unstable.

Re: rmoption INET6

2007-03-28 Thread Jason Dixon
On Mar 28, 2007, at 7:41 PM, John Brahy wrote: So if I use GENERIC and then disable ipv6 is that a safe thing do to? In light of the recent security issue and since I don't use ipv6 I thought it would make the system more secure, but I definitely don't want to make it unstable. Yes, we u

Re: rmoption INET6

2007-03-28 Thread John Brahy
So if I use GENERIC and then disable ipv6 is that a safe thing do to? In light of the recent security issue and since I don't use ipv6 I thought it would make the system more secure, but I definitely don't want to make it unstable.

Re: rmoption INET6

2007-03-28 Thread Nick Holland
John Brahy wrote: > Is there any reason I shouldn't add rmoption INET6 to my kernel? I don't use > IPV6. maybe because you were smart and read the instructions? http://www.openbsd.org/faq/faq5.html#ProbIPv6 You provide the feet, we provide the bullets. And the warning. Nick.

Re: rmoption INET6

2007-03-28 Thread Paul de Weerd
On Wed, Mar 28, 2007 at 02:41:34PM -0700, John Brahy wrote: | You don't recompile your kernel? Isn't that part of keeping with stable? I do. But not my own. I build GENERIC and/or GENERIC.MP, not others. Only in documented circumstances will I build my *own* thing. There's an important differenc

Re: rmoption INET6

2007-03-28 Thread Darrin Chandler
On Wed, Mar 28, 2007 at 02:41:34PM -0700, John Brahy wrote: > You don't recompile your kernel? Isn't that part of keeping with stable? Mucking up your own kernel config and following -stable are not the same, as I suspect you already know. -- Darrin Chandler| Phoenix BSD User Group

Re: rmoption INET6

2007-03-28 Thread Peter Hessler
Recompiling doesn't mean using a custom kernel. That is the part you shouldn't do. When you recompile, just use GENERIC. On 2007 Mar 28 (Wed) at 14:41:34 -0700 (-0700), John Brahy wrote: :You don't recompile your kernel? Isn't that part of keeping with stable? -- "Every time I think I know wh

Re: rmoption INET6

2007-03-28 Thread John Brahy
You don't recompile your kernel? Isn't that part of keeping with stable? -Original Message- From: Paul de Weerd [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 28, 2007 2:27 PM To: John Brahy Cc: misc@openbsd.org Subject: Re: rmoption INET6 On Wed, Mar 28, 2007 at 01:54:

Re: rmoption INET6

2007-03-28 Thread Paul de Weerd
On Wed, Mar 28, 2007 at 01:54:48PM -0700, John Brahy wrote: | Is there any reason I shouldn't add rmoption INET6 to my kernel? I don't use | IPV6. The fact that you will run your own, unsupported, frankensteined kernel may be detrimental to your quest. You may want to remove driver s

rmoption INET6

2007-03-28 Thread John Brahy
Is there any reason I shouldn't add rmoption INET6 to my kernel? I don't use IPV6.