* Claudio Jeker <[email protected]> [2014-05-15 09:33]:
> On Wed, May 14, 2014 at 11:29:20PM +0200, Henning Brauer wrote:
> > so as discussed recently having the inet6 link-local addrs on every
> > interface by default is stupid and a security risk.
> >
> > this diff fixes that. well, really two independent parts.
> > one: set the NOINET6 flag by default on each and every interface.
> > two: implement "ifconfig <if> +inet6" to turn inet6 on and assign
> > the link-local addr.
> >
> > this should be transparent for almost all real use cases of inet6
> > since assigning any inet6 address also resets the flag (and ll is
> > assigned then as well).
> > lo0 still gets its ::1 and fe80::1%lo0 by default.
> >
> > the only use case that needs config adoption: people ONLY using
> > link-local, they will need to put +inet6 in the corresponding
> > hostname.if file.
> >
> > ok?
>
> To be honest the right fix would be to get rid of IFXF_NOINET6 and
> just make it the default. There is no need for such a flag anymore.

very valid point, I'll happily clean that up right after - one thing at a time.

--
Henning Brauer, [email protected], [email protected]
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
