Disable IPv6 by default.
Nils Philippsen
nphilipp at redhat.com
Fri Sep 14 12:18:11 UTC 2007
On Thu, 2007-09-13 at 18:41 -0400, Chuck Anderson wrote:
> On Fri, Sep 14, 2007 at 12:38:04AM +0200, David Woodhouse wrote:
> > On Thu, 2007-09-13 at 22:12 +0200, Till Maas wrote:
> > > It circumvents iptables rules.
> >
> > IPv6 doesn't 'circumvent' iptables rules any more than IPv4
> > 'circumvents' ip6tables rules.
> >
> > Besides, http://www.advogato.org/person/dwmw2/diary/164.html
>
> +1. Firewalls just break connectivity and are a handicap that enables
> people to be lazy about system security. And don't get me started on
> NAT :-)
-1. Firewalls are a mandatory access control system like SELinux. Their
purpose is to prevent (certain kinds of) connectivity outside of the
services they are shielding. You can easily log blocked connection
attempts.
Following your argument, one could say that "SELinux just breaks
functionality and is a handicap that enables developers to be lazy about
system security". Which it isn't. Both are additional lines of defense.
Nils
--
Nils Philippsen / Red Hat / nphilipp at redhat.com
"Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
More information about the fedora-devel-list mailing list