IP6tables and sendmail
Aleksandar Milivojevic
amilivojevic at pbl.ca
Fri Nov 26 20:46:29 UTC 2004
Gregory P. Ennis wrote:
> In trying to tinker with iptables, hosts.allow, and the hosts.deny files
> on both systems I have not been able to make any headway. When I used
> ifconfig on the FC3 unit I noticed th6 and IP4 protocols.
>
> eth0 Link encap:Ethernet HWaddr 00:11:5B:55:75:2C
> inet addr:10.0.0.131 Bcast:10.0.0.255 Mask:255.255.255.0
> inet6 addr: fe80::211:5bff:fe55:752c/64 Scope:Link
Yeah, that's Link local IPv6 address that is automatically assigned to
the interface according to rfc-somenumber. In most cases, if you leave
things as-is, it is next to unusable.
Anyhow, if you don't use IPv6, don't know how to configure IPv6 so that
you can actually use it, don't want to be bothered with IPv6, don't want
to have to configure IPv6 firewall, and so on, and so forth, simply add
this line to /etc/modprobe.conf and reboot:
alias net-pf-10 off
And IPv6 is all gone from your box. The above was default in 2.4
kernels (if you wanted IPv6 module automatically loaded as soon as you
start IPv6 enabled application, you had to do "alias net-pf-10 ipv6").
Apperently, kernel developers decided for us that starting with 2.6
kernels, it is time that everybody should have IPv6 loaded by default.
Actually, even in FC3, initscripts are not yet updated for this change
in kernel behaviour.
While we are on the subject, I courious how many of you folks out there
acutally installed and configured iptables-ipv6 (or disabled IPv6) on
your firewall boxes, and how many of you are wide open?
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the fedora-list
mailing list