Hi again.
I merged the new firewall + my modifications into trunk now.
~ Jow
Hello,
On Wednesday 28 April 2010 16:45:58 Jo-Philipp Wich wrote:
> > Therefore I believe that the /etc/sysctl.conf file should have
> > net.ipv6.conf.all.forwarding=1 set by default.
>
> A default firewall solution is needed before it can be made the default.
>
> Even if you or me do not need a
* Jo-Philipp Wich [28.04.2010 16:50]:
>
> A default firewall solution is needed before it can be made the default.
IMHO: apply alina's patches and set net.ipv6.conf.all.forwarding=1 by
default - hey, we are in trunk and want to play with the devices and
learn something. make a 'fat' warning in
Hi,
On Wednesday 28 April 2010 at 20:29 +1000, Andrew Byrne wrote:
> Right now it's in the file but commented out (since r12351). Does
> anyone know if having it in there by default causes any errors if
> kmod-ipv6 isn't installed?
Tested here, when doing a sysctl -p with net.ipv6.conf.all.forw
On Tuesday 27 April 2010 at 19:32 +0200, Alina Friedrichsen wrote:
> Routers must not react to router advertisements (written in some RFC)
> or you have a security problem.
Mmhhh ... you're right, I may not have thought enough in a router
perspective.
> IPv6 autoconfiguration and DHCPv6 are to
Hi.
> Therefore I believe that the /etc/sysctl.conf file should have
> net.ipv6.conf.all.forwarding=1 set by default.
A default firewall solution is needed before it can be made the default.
Even if you or me do not need a firewall it is not accepta
Hello Andrew!
> When IPv6 routing is enabled (net.ipv6.conf.*.forwarding),
> autoconfiguration is automatically prevented due to that RFC,
> regardless of the net.ipv6.conf.*.autoconf value.
This contradicts my observances. Autoconf is enabled even when
forwarding is enabled.
> OpenWrt should be
> Routers must not react to router advertisements (written in some RFC)
> or you have a security problem.
When IPv6 routing is enabled (net.ipv6.conf.*.forwarding),
autoconfiguration is automatically prevented due to that RFC,
regardless of the net.ipv6.conf.*.autoconf value.
OpenWrt should be
Hi!
> > Today all interfaces have enabled IPv6 autoconfiguration now. That's the
> > real problem.
>
> I wouldn't call that a "problem", rather a "particular default
> behavior", or something along the line.
Routers must not react to router advertisements (written in some RFC)
or you have a s
Hi!
> Perhaps this should be disabled if there is an ipv6addr entry in uci,
> but enabled if there isn't.
Routers should never react to router advertisements. If they do, this is
a security problem because every client in the network can change the
routing table of the router.
"proto" "static"
Hi,
I'd like to comment a bit on this patch, too.
On Tuesday 27 April 2010 at 17:11 +0200, Alina Friedrichsen wrote:
> > Yet it is impossible to have dhcp-enabled interfaces *without* ipv6 then,
> > that's my point.
>
> Today all interfaces have enabled IPv6 autoconfiguration now. That's the
> rea
Hi
On 27 April 2010 17:11, Alina Friedrichsen wrote:
>> Also why only for "dhcp" and not "static" or any other
>> hypothetical protocol? The relation between dhcp and autoconf is arbitrary.
>
> Because IPv6 autoconfiguration is the counterpart to IPv4 DHCP. If you
> choose "static" you want confi
> Yet it is impossible to have dhcp-enabled interfaces *without* ipv6 then,
> that's my point.
Today all interfaces have enabled IPv6 autoconfiguration now. That's the
real problem.
In nearly all cases you have installed IPv6, you want IPv6
autoconfiguration on the same interface, that have IPv4 DCH
> It's not unconditionally, it's only enabled, if the interface "proto" is
> "dhcp". So it's configured in uci and you do not need to touch this file.
> It's much more user friendly.
Yet it is impossible to have dhcp-enabled interfaces *without* ipv6 the
Hi!
> Setting autoconf to "0" for switch parent interfaces and bridge ports is
> okay,
You get really strange problems, if it's not so.
> but unconditionally setting it to "1" is not so ideal - it
> overrules whatever has been set in sysctl.conf (unless conf.all.autoconf
> overrides conf.$iface.a
Hi.
Setting autoconf to "0" for switch parent interfaces and bridge ports is
okay, but unconditionally setting it to "1" is not so ideal - it
overrules whatever has been set in sysctl.conf (unless conf.all.autoconf
overrides conf.$iface.autoconf, but I
Disable the IPv6 autoconfiguration where it shouldn't be enabled.
Signed-off-by: Alina Friedrichsen
Index: package/swconfig/files/switch.sh
===
--- package/swconfig/files/switch.sh (Revision 20854)
+++ package/swconfig/files/switch.sh
17 matches