Bug#611031: [gogoc] Add an option to not touch radvd/forwarding in router mode

2015-11-25 Thread Anders Jackson
Gogoc is by default set to host_type=host, to only route IPv6 traffic to and 
from the local host, without forwarding any traffic to a LAN.

If one doesn't want gogoc to act as a router, one shouldn't put gogoc into 
router mode. And when one uses gogoc in router mode, one probably wants to 
restart radvd with a new configuration file. 
Is it possible to add a /etc/radvd.cond.d/, like other tools (like sudo with 
/etc/sudoers.d/ and apt with /etc/apt/sources.list.d/)?  That would solve this 
problem.

What could also be done is to put a comment in /etc/gogoc/gogoc.conf above 
host_type so that if one edits gogoc.conf to act as a router (host_type=router), 
one is warned by that line to also set up a firewall for IPv6.

Information about what happens when put in router mode could also be added in 
/usr/share/doc/gogoc/Debian.README, namely 
that a firewall with forward rules is needed when in router mode.  Maybe a 
suggestion of tools to use? Shorewall6 and Ufw would be my suggestions. Ufw does 
have support upstream for handling FORWARD rules.
 
So, please add some/all of those suggestions and close this bug.

Yours
Anders Jackson

On Tue, 25 Jan 2011 13:49:47 +1100 Craig Small  wrote:
> On Tue, Jan 25, 2011 at 03:41:46AM +0500, Roman Mamedov wrote:
> > My conclusion is that the 'linux.sh' script currently does way too much
> > automation, assuming it 'knows better' what the user wants. And among this, it
> > does things which are plain dangerous, not warning about them.
> Generally speaking it does know better.

Yes, I do agree on this.  At least in its use case.  If one knows better than 
gogoc, one can use /etc/network/interfaces.

> > I suggest adding a configuration file option to set whether or not linux.sh
> > should control RADVD and configure forwarding, and have that option off by
> > default.
> I wouldn't turn it off by default, people should know what a router is.
> By default the config sets you up as a host, which shouldn't be doing
> anything.
> 
> I will look into editing the linux.sh so you can disable certain things.

That could be a solution, but a more intrusive one.

>  - Craig
> 

Yours, Anders Jackson




Bug#611031: [gogoc] Add an option to not touch radvd/forwarding in router mode

2011-01-24 Thread Roman Mamedov
Package: gogoc
Version: 1:1.2-2
Severity: wishlist

Hello!

From what I can see, the gogo client currently when put in a 'router' mode in
the linux.sh template tries to generate a radvd.conf, then kill and restart
radvd at will. I consider this to be an obnoxious and unnecessary intrusion
into proper operation of another unrelated package - I might have had my own
radvd setup, of which the tunnel provided by gogoc is only a small part.

It also silently enables forwarding, not warning the user that they might also
want to set up ip6tables. So the internal network becomes completely exposed
without proper firewalling rules on the gateway in place.

My conclusion is that the 'linux.sh' script currently does way too much
automation, assuming it 'knows better' what the user wants. And among this, it
does things which are plain dangerous, not warning about them.

I suggest adding a configuration file option to set whether or not linux.sh
should control RADVD and configure forwarding, and have that option off by
default.

-- 
With respect,
Roman
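
The exposure described in the report above (forwarding switched on with no ip6tables FORWARD rules in place) can be checked on a gateway with a script like the following. This is an added example, not part of the thread or of gogoc; the function name, verdict strings and sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies forwarding exposure from two inputs:
#   $1  output of: sysctl -n net.ipv6.conf.all.forwarding
#   $2  output of: ip6tables -S FORWARD
# Function name and verdict strings are invented for this example.
audit_ipv6_forward() {
    fwd="$1"
    rules="$2"
    if [ "$fwd" != "1" ]; then
        echo "host-only"    # kernel is not forwarding IPv6 at all
        return 0
    fi
    # Default policy of the FORWARD chain, e.g. "-P FORWARD ACCEPT".
    policy=$(printf '%s\n' "$rules" |
        awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }')
    # Rules whose target is anything but ACCEPT (DROP, REJECT, a user chain).
    other=$(printf '%s\n' "$rules" | awk '
        $1 == "-A" && $2 == "FORWARD" {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) != "ACCEPT") { n++; break }
        }
        END { print n + 0 }')
    case "$policy" in
        DROP)   echo "filtered" ;;   # default deny, only explicit ACCEPTs pass
        ACCEPT) if [ "$other" -gt 0 ]; then
                    echo "review"    # some filtering exists, read the rules
                else
                    echo "exposed"   # every forwarded packet is accepted
                fi ;;
        *)      echo "unknown" ;;    # no policy line in the input
    esac
}

# Constructed sample inputs (interface names are made up).
SAMPLE_OPEN='-P FORWARD ACCEPT'
SAMPLE_CLOSED='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun -j ACCEPT'

echo "router, no rules:  $(audit_ipv6_forward 1 "$SAMPLE_OPEN")"
echo "router, firewall:  $(audit_ipv6_forward 1 "$SAMPLE_CLOSED")"
echo "host mode:         $(audit_ipv6_forward 0 "$SAMPLE_OPEN")"

# Live use on the gateway (ip6tables needs root):
#   audit_ipv6_forward "$(sysctl -n net.ipv6.conf.all.forwarding)" \
#                      "$(ip6tables -S FORWARD)"
```

On hosts whose rules live in native nftables tables, `ip6tables -S` will not show them, so an "exposed" verdict there needs checking against `nft list ruleset`.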




Bug#611031: [gogoc] Add an option to not touch radvd/forwarding in router mode

2011-01-24 Thread Craig Small
On Tue, Jan 25, 2011 at 03:41:46AM +0500, Roman Mamedov wrote:
> My conclusion is that the 'linux.sh' script currently does way too much
> automation, assuming it 'knows better' what the user wants. And among this, it
> does things which are plain dangerous, not warning about them.
Generally speaking it does know better.

> I suggest adding a configuration file option to set whether or not linux.sh
> should control RADVD and configure forwarding, and have that option off by
> default.
I wouldn't turn it off by default, people should know what a router is.
By default the config sets you up as a host, which shouldn't be doing
anything.

I will look into editing the linux.sh so you can disable certain things.

 - Craig

-- 
Craig Small VK2XLZ   http://www.enc.com.au/   csmall at : enc.com.au
Debian GNU/Linux     http://www.debian.org/   csmall at : debian.org
GPG fingerprint:   1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5


