It is my belief (however misplaced it may be) that RFC 4193 (http://www.ietf.org/rfc/rfc4193.txt) saves us from that particular issue? At least in terms of needing each individual machine to have a firewall protecting itself from the internet at large.
Of course, if you run iptables on all of your machines now, then yes, you'll still want the stateful inspection of IPv6. --Matt On Tue, Nov 16, 2010 at 5:51 PM, Joe Pruett <[email protected]> wrote: > On 11/13/2010 05:44 PM, Paul Graydon wrote: >> I'm uhhmming and aahhing about this one. Certainly don't see any killer >> features that make it worthwhile me putting effort in to upgrading >> existing boxes, that said I'm hoping to retire some SuSE boxes at some >> point in the next 6-9 months and replace them with new hardware and >> CentOS (like most of our infrastructure). It would be logical to go >> CentOS 6 for longevity purposes, but I do rather like standardisation >> where possible. > the biggest thing i've been waiting for (and i hope it gets backported > to rhel5) is stateful ipv6 packet filtering. without that it makes it > hard to really be able to start utilizing ipv6 on the big scary internet. > _______________________________________________ > Discuss mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss > This list provided by the League of Professional System Administrators > http://lopsa.org/ > -- LITTLE GIRL: But which cookie will you eat FIRST? COOKIE MONSTER: Me think you have misconception of cookie-eating process. _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
