nanog mailing list archives
Re: /27 the new /24
From: "tim () pelican org" <tim () pelican org>
Date: Wed, 7 Oct 2015 15:18:11 +0100 (BST)
On Wednesday, 7 October, 2015 12:54, "Owen DeLong" <owen () delong com> said:
There are some important differences for ICMP (don’t break PMTU-D or ND), but otherwise, really not much difference between your IPv4 security policy and your IPv6 security policy.
The IPv4 world would have been nicer without quite so much of the "ICMP is eeeeeeeeevil!" nonsense, but agreed, it's somewhat more fundamental in IPv6.
In fact, on my linux box, I generate my IPv4 iptables file using little more than a global search and replace on the IPv6 iptables configuration which replaces the IPv6 prefixes/addresses with the corresponding IPv4 prefixes/addresses. (My IPv6 addresses for things that take incoming connections have an algorithmic map to IPv4 addresses for things that have them.)
Similarly for at least some supplied tools on top of iptables. 'ufw' Just Works with both - 'ufw allow 25/tcp' will insert the appropriate rule into both iptables and ip6tables, for example. Regards, Tim.
Current thread:
- Re: /27 the new /24, (continued)
- Re: /27 the new /24 Owen DeLong (Oct 07)
- Re: /27 the new /24 Mel Beckman (Oct 07)
- Re: /27 the new /24 Randy Bush (Oct 04)
- Re: /27 the new /24 Nick Hilliard (Oct 04)
- Re: /27 the new /24 Stephen Satchell (Oct 04)
- Re: /27 the new /24 Mel Beckman (Oct 04)
- Re: /27 the new /24 Denis Fondras (Oct 04)
- Re: /27 the new /24 Owen DeLong (Oct 07)
- Re: /27 the new /24 Stephen Satchell (Oct 07)
- Re: /27 the new /24 Ray Soucy (Oct 07)
- Re: /27 the new /24 tim () pelican org (Oct 07)
- Re: AW: /27 the new /24 Randy Bush (Oct 03)
- Re: /27 the new /24 Mike Hammett (Oct 02)
- Re: /27 the new /24 Matthew Kaufman (Oct 02)
- Re: /27 the new /24 Mike Hammett (Oct 02)
- Re: /27 the new /24 Roland Dobbins (Oct 02)
- AW: /27 the new /24 Jürgen Jaritsch (Oct 02)
- Re: /27 the new /24 William Herrin (Oct 02)
- Re: /27 the new /24 Mike Hammett (Oct 02)
- Re: /27 the new /24 Mel Beckman (Oct 02)