On Wednesday, 7 October, 2015 12:54, "Owen DeLong" <o...@delong.com> said:
> There are some important differences for ICMP (don’t break PMTU-D or ND), > but otherwise, really not much difference between your IPv4 security policy > and > your IPv6 security policy. The IPv4 world would have been nicer without quite so much of the "ICMP is eeeeeeeeevil!" nonsense, but agreed, it's somewhat more fundamental in IPv6. > In fact, on my linux box, I generate my IPv4 iptables file using little more > than > a global search and replace on the IPv6 iptables configuration which replaces > the > IPv6 prefixes/addresses with the corresponding IPv4 prefixes/addresses. (My > IPv6 > addresses for things that take incoming connections have an algorithmic map to > IPv4 addresses for things that have them.) Similarly for at least some supplied tools on top of iptables. 'ufw' Just Works with both - 'ufw allow 25/tcp' will insert the appropriate rule into both iptables and ip6tables, for example. Regards, Tim.
