OT, ip6tables rules for radvd

Kerry Hoath kerry at gotss.net
Sun Jan 29 23:10:32 EST 2012


I'll bite, what's babled?
I've had a bit of a google but haven't come up with anything yet to tell 
me what this is.

Sounds fascinating.

regards, Kerry.

On 30/01/2012 3:03 AM, Kirk Reiser wrote:
> Boy, completely different than me.  I run my wireless adhoc network
> totally open and encourage passers-by to use it. I also encourage
> visitors to install babled and partake in the cloud.
>
> Kirk
>
> On Sat, 28 Jan 2012, Gregory Nowak wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Sat, Jan 28, 2012 at 07:00:11PM -0600, chris at the-brannons.com wrote:
>>> I just allow all ICMPv6 traffic. Is there anything wrong with that?
>>
>> I guess the answer to that would depend on one's point of view, and
>> level of paranoia (grin). Since yourself, Kirk, and maybe more folks
>> who haven't asked want to know why I'm asking this, I might as well
>> explain, and let all of you know just how paranoid I am.
>>
>> My brother in-law bought me a wireless access point recently. There's
>> a longer story behind that, and yes, my internal LAN was all wired
>> until now. Given the security history of wireless networking, I
>> decided that if I did wireless here, it would be fed off a separate
>> NIC in my machine, and that I'd run only ipsec over it, or something
>> even more secure. This is exactly what I did. The wireless access
>> point is
>> attached to a separate network interface on its own separate private
>> subnet. The idea is that even if someone were to break encryption, and
>> gain access to the wireless access point, all it would get then is a
>> class c v4 address and a documentation v6 address which they could
>> literally do nothing with without my giving them a ssl cert, and a
>> username/password if they're running windows. I currently have
>> ppp/l2tp/ipsec going for windows clients (previously mentioned longer
>> story), I almost have ipsec to ipsec between linux machines going over
>> v4, and am working on ipsec to ipsec between linux boxes over v6,
>> which is why I'm asking what I am.
>>
>> I've locked things down enough with ip6tables to block everything
>> inbound, and outbound on the NIC attached to the wireless access
>> point. This includes router advertisements, and neighbor
>> solicitations. In order to get the ipsec connection going, I first
>> need to issue the client a 2001:db8 address. So, I need to know what I
>> should allow through without ipsec to make that happen. Hopefully that
>> explains why I'm asking.
>>
>> Greg
>>
>>
>> - --
>> web site: http://www.romuald.net.eu.org
>> gpg public key: http://www.romuald.net.eu.org/pubkey.asc
>> skype: gregn1
>> (authorization required, add me to your contacts list first)
>>
>> - --
>> Free domains: http://www.eu.org/ or mail dns-manager at EU.org
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iEYEARECAAYFAk8ku6EACgkQ7s9z/XlyUyATIwCeN5ddTu+rtPy6CDIjUP/WhO8c
>> a0wAnRHZepDhhbvyl4LEGpEXFJcidA8m
>> =RodA
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> Speakup mailing list
>> Speakup at braille.uwo.ca
>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>>
>
> --
> Kirk Reiser The Computer Braille Facility
> e-mail: kirk at braille.uwo.ca University of Western Ontario
> phone: (519) 661-3061
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup



More information about the Speakup mailing list