Author: Kill Your TV Date: To: tails-dev New topics: Re: [Tails-dev] IPv6 Subject: [Tails-dev] IPv6 (Was: firewall rules)
On Thu, 24 Jul 2014 21:14:48 +0000 (UTC)
intrigeri <intrigeri@???> wrote:
> Hi,
>
> (happy to see someone look at these rules in detail, and question
> part of it!)
>
> Jacob Appelbaum wrote (24 Jul 2014 01:28:54 GMT) :
> > When would we ever have a RELATED or ESTABLISHED ipv6 connection
> > when everything is dropped?

Would it make sense to have IPv6 disabled by default in the kernel, such
as with `ipv6.disabled=1` at the syslinux prompt? Or disabling it with
sysctl? If nothing else it might fix those problems seen with MAC
address spoofing like one can see with VirtualBox and bridged adapters
(not tested), such as

If it might be worthwhile, I can take a stab at it after the I2P things
are better taken care of. (Of course the existing firewall rules would
have to be modified to make the IPv6 rules conditional upon whether
IPv6 is enabled or not; otherwise *none* of the firewall rules get
applied if the IPv6 rules fail due to missing IPv6 support in the
kernel)

I just ask because at this point IPv6 clearly can't work for anyone
without modifications to the existing rules, so maybe remove IPv6 until
it's ready to be used?
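
Added example, not part of the original message and not Tails' own firewall code: one way to make the IPv6 rules conditional on kernel support, so that a missing IPv6 stack cannot stop the IPv4 rules from loading. The rule file names, the `/etc/firewall` directory and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration. Function names, rule file names and the default
# rules directory are hypothetical, not taken from Tails.

# The kernel exposes net/if_inet6 under /proc only when its IPv6 stack
# is present. If IPv6 was disabled at boot or the module is not loaded,
# the file is absent and ip6tables cannot load any rules.
# The proc root is a parameter so the check can be exercised on a fake tree.
ipv6_available() {
    fw_proc_root="${1:-/proc}"
    [ -e "$fw_proc_root/net/if_inet6" ]
}

# Print the restore commands to run, one per line, in order.
# IPv4 rules are always listed. IPv6 rules are listed only when the
# kernel can accept them, based on kernel state rather than a config
# flag, so a kernel that does speak IPv6 never ends up without rules.
firewall_plan() {
    fw_proc_root="${1:-/proc}"
    fw_rules_dir="${2:-/etc/firewall}"
    echo "iptables-restore $fw_rules_dir/rules.v4"
    if ipv6_available "$fw_proc_root"; then
        echo "ip6tables-restore $fw_rules_dir/rules.v6"
    fi
}

# Run the plan (needs root). Any failing restore aborts with a non-zero
# status, so the caller can refuse to bring the network up.
apply_firewall() {
    firewall_plan "$@" | while read -r fw_tool fw_file; do
        "$fw_tool" < "$fw_file" || {
            echo "firewall: $fw_tool failed on $fw_file" >&2
            exit 1
        }
    done
}

# Usage (as root): apply_firewall || exit 1
```

Setting `net.ipv6.conf.all.disable_ipv6=1` with sysctl leaves the IPv6 stack loaded, so in that case the check still succeeds and the IPv6 rules are still applied.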