Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

It is currently Sun Dec 10, 2023 5:32 am

Message body:
Enter your message here, it may contain no more than 60000 characters. 

:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:
Font size:
Font colour
BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON
Disable BBCode
Disable smilies
Do not automatically parse URLs
Confirmation code
Confirmation code:
In an effort to prevent automatic submissions, we require that you enter both of the words displayed into the text field underneath.

Topic review - IPv6 enablement for
Author Message
Post subject: IPv6 enablement for  |  Post Posted: Wed Jun 18, 2014 11:17 am
So today I finally allocated some time to enable IPv6 for the forum. I did this via HE tunnel broker free service (IPv6 /64 in ipv4 tunnel).

Since I chose to enable IPv6 in packet-mode on the SRX (packets are forwarded without security inspection), the server needed some security hardening: disable all daemons on IPv6, except for web server.

Few useful notes:
1. Use following lsof commands to check your IPv6 running daemons:
- lsof -i 6 shows all IPv6 enabled services (UDP + TCP)
- lsof -i 6TCP shows all IPv6 enabled services only TCP. Change this to UDP
2. NTPD should be started with "-4" argument (check
3. rsyslogd should be started with "-4" argument to disable IPv6.

All other daemons should be disabled from listening IPv6 (bind: listen-on-v6 { none; };).

More notes coming as I discover more things.
Jump to:  
News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list

Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]