Disabling DHCPv6 requests
Karl Auer
kauer at biplane.com.au
Tue Sep 13 03:01:28 UTC 2016
On Mon, 2016-09-12 at 22:36 -0400, Peter Silva wrote:
> btw. I have been using dual-stack ipv4 and ipv6 for years. It's not
> something you need to disable ipv6 works fine.
True.
But you do need to take care of it - firewall rules and so on. IPv4 and
IPv6 are "ships in the night"; there is no intersection between them at
all, technically. *Nothing* you do for IPv4 affects IPv6 *at all*
(except for some tunnels).
All modern operating systems will acquire IPv6 addresses automatically
(not necessarily via DHCPv6) if the network they are in supports IPv6.
IPv6 generally provides end-to-end connectivity - you no longer have
the minimal protection of NAT, or the side-effect of its statefulness.
An IPv6-capable system in a working IPv6 network will generally have a
globally routable IPv6 address, and be directly accessible from the
Internet unless steps are taken.
So if you are on a network that provides IPv6 and your computer is not
properly protected, then sometimes the simplest protection is to
disable IPv6.
That said, a much better solution is is to accept that the future is
here (or at least coming soon :-) and make sure that you have a simple
and effective IPv6 filter in place. The simplest IPv6 filter that
should be on any Internet-connected system is:
allow ICMP inbound
allow established and related inbound
allow all outbound
deny all
Different packet filters (ip6tables, whatever) will express the above
in different ways, but hopefully the idea is clear.
Don't just block IPv6! If you do, you will have all sorts of strange
problems, because modern IPv6-capable systems prefer IPv6 to IPv4. If
they think they have connectivity but you have blocking it, you will
see long timeouts, parts of web pages not loading, emails not getting
sent etc. Disable it cleanly, or filter it properly, and you will have
no problem with IPv6 - or at least no more problems than you will have
with IPv4 :-)
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
More information about the ubuntu-users
mailing list