[clug] IPv6 talks

George at Clug Clug at goproject.info
Mon Nov 9 19:27:31 UTC 2015 

    Hi Bob, what is scheduled for this coming CLUG meeting?

Are you able to give a talk on IPv6 ?  IPv6 is becoming quite
important for anyone running servers on a network.

If you have any material you can pass on, please do, I can do some
pre-reading.

My suggested topic list  
1) Basic understanding of IPv6

2) Testing/verifying IPv6 traffic (e.g. prove effectiveness of
firewalls)

3) IPv6 Firewall

4) BIND9 configuration for IPv6

5) IPv6 routing

_IPv6 appears to have it challenges, and from my reading many systems
are not fully Pv6 capable._

Are you aware of security issues related to systems not managing IPv6
correctly?  For example firewalls that inadvertently allow IPv6 to
traverse because they don't know how to block or manage IPv6 ?

I have used Smoothwall for some time now, it is a great IPv4 firewall
appliance that provides an effective IPv4 DMZ, but Smoothwall does not
manage IPv6.  Do you know of any firewalls that provide DMZ and
manage IPv6 ?


-----------------------------------------------------------------------
http://smoothwall.uservoice.com/forums/145832-smoothwall/suggestions/10406706-ipv6-support
Any and all ideas and feedback for Smoothwall - IPv6 Support
2015 and no IPv6 support... Like it or not IPv6 is here... and we use
it! Please develop support



https://wiki.debian.org/DebianFirewall#Using_ip6tables_for_IPv6_traffic
Because of growth, Internet is slowly switching to IPv6, that has a
much larger address space than IPv4, and Debian is IPv6 capable. 



http://shorewall.net/IPv6Support.html
Shorewall6 Differences from Shorewall

Configuring and operating Shorewall6 is very similar to configuring
Shorewall with some notable exceptions:

No NAT

    In Shorewall6, there is no NAT of any kind (Netfilter6 doesn't
support any form of NAT). Most people consider this to be a giant step
forward.

    When an ISP assigns you an IPv6 address, you are actually
assigned an IPv6 prefix (similar to a subnet). A 64-bit prefix defines
a subnet with 4 billion hosts squared (the size of the IPv4 address
space squared). Regardless of the length of your prefix, you get to
assign local addresses within that prefix.

More information about the linux mailing list