Disable IPv6 by default.

Alexander Boström abo at kth.se
Sat Sep 22 16:42:06 UTC 2007


On Thu, 2007-09-13 at 11:35 -0700, John Reiser wrote:
> For such users, leaving IPv6 enabled is a security risk. 

The default ip6tables are pretty restrictive, so if you leave them
unchanged because you don't think they matter or don't know about them
it's fairly safe. (Except for ssh port, see below. And yes, I understand
that the filter rules are not the only complaint regarding IPv6 and
security.)

There are other more low-hanging fruits, I think. My personal pet peeve
is the default enabled sshd. It's off on the live CD thankfully, but
will it be off on the Desktop spin too? A desktop machine with sshd
enabled by default without telling the user and the user having no idea
that their crappy password can be exploited remotely is a really bad
idea IMO.

Besides, I think even if you don't have IPv6 routed to your machine,
there are probably interesting use cases for the link local addresses.

Really -1 for disabling IPv6, Fedora is about progress, not workarounds.

/abo




