On 14.07.2013 01:43, Joe Zeff wrote:
> On 07/12/2013 09:36 AM, Reindl Harald wrote:
>> coming up with a "link-local" address inside a network
>> which is *pure ipv4* on a server means *any* random
>> device which does the same may bypass all your firewall
>> rules since iptables and ip6tables are two different
>> services
> 
> It might be a good idea, then, to configure ip6tables to deny 
> everything and enable it just to be sure
and *that* is what is plain wrong

if you do not need smb/nfs/afp you simply do not start samba, nfsd
and netatalk and not block the started services in the firewall

hence on a sane and specific machine you should not need to enable
any firewall at all if you can disable any type of network specific
service except them which would be open anyway because the machine's
role as a public webserver as example

these are principles for network-administration and this thread
was *not* intended to discuss about disable ipv6 completely nor
the other direction - it had a very simple question until the
first reply came

and that is why on a *static*, only ipv4 configured interface should
not be a link-local address

since i have enough of this thread's subject and content multiple
changed by evangelists i restored it now - and i am the one
who violates the etiquette? ridiculous if someone looks at
this thread in tree-view
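
An added example, not part of the original message: a Python check for the situation discussed above, an interface holding an fe80::/10 link-local address while services listen on the IPv6 wildcard, which iptables rules do not cover. It parses text in the format of /proc/net/if_inet6 and /proc/net/tcp6; the sample text and all function names are constructed for illustration.

```python
LISTEN = "0A"      # TCP state code for LISTEN in /proc/net/tcp6
SCOPE_LINK = 0x20  # scope field value for link-local in /proc/net/if_inet6

# Constructed sample data (trimmed to the leading columns), not from a real host.
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80       lo
fe80000000000000025056fffe9a0001 02 40 20 80     eth0
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000000000000:01BD 00000000000000000000000000000000:0000 0A
   2: 00000000000000000000000001000000:0019 00000000000000000000000000000000:0000 0A
   3: 00000000000000000000000000000000:0016 FE800000000000000250560000000002:C350 01
"""

def link_local_ifaces(if_inet6_text):
    """Return {interface: address_hex} for every link-local IPv6 address."""
    found = {}
    for line in if_inet6_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        addr, _index, _prefix, scope, _flags, dev = parts
        if int(scope, 16) == SCOPE_LINK:
            found[dev] = addr
    return found

def wildcard_v6_listeners(tcp6_text):
    """Return sorted TCP ports in LISTEN state bound to [::]."""
    ports = set()
    for line in tcp6_text.splitlines():
        parts = line.split()
        # The header row and non-listening sockets fail the state test.
        if len(parts) < 4 or parts[3] != LISTEN:
            continue
        addr, port = parts[1].rsplit(":", 1)
        if int(addr, 16) == 0:  # all-zero address is the wildcard
            ports.add(int(port, 16))
    return sorted(ports)

def exposure(if_inet6_text, tcp6_text):
    """Map each interface with a link-local address to the ports reachable on it."""
    ifaces = link_local_ifaces(if_inet6_text)
    ports = wildcard_v6_listeners(tcp6_text) if ifaces else []
    return {dev: ports for dev in sorted(ifaces)}

if __name__ == "__main__":
    print(exposure(SAMPLE_IF_INET6, SAMPLE_TCP6))
```

On a live system the same functions can be fed the contents of /proc/net/if_inet6 and /proc/net/tcp6; a listener bound only to ::1 (port 25 in the sample) is not counted.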


-- 
users mailing list
users@lists.fedoraproject.org