OT, ip6tables rules for radvd

Mon Jan 30 10:06:47 EST 2012

Hi Kerry: It is a mostly experimental loop avoidance routing protocol.
You can read more about it at
http://www.pps.jussieu.fr/~jch/software/babel/.
   Kirk

On Mon, 30 Jan 2012, Kerry Hoath wrote:

>
> I'll bite, what's babled?
> I've had a bit of a google but haven't come up with anything yet to tell me 
> what this is.
>
> Sounds fascinating.
>
> regards, Kerry.
>
> On 30/01/2012 3:03 AM, Kirk Reiser wrote:
>> Boy, completely different than me.  I run my wireless adhoc network
>> totally open and encourage passers-by to use it. I also encourage
>> visitors to install babled and partake in the cloud.
>> 
>> Kirk
>> 
>> On Sat, 28 Jan 2012, Gregory Nowak wrote:
>> 
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>> 
>>> On Sat, Jan 28, 2012 at 07:00:11PM -0600, chris at the-brannons.com wrote:
>>>> I just allow all ICMPv6 traffic. Is there anything wrong with that?
>>> 
>>> I guess the answer to that would depend on one's point of view, and
>>> level of paranoia (grin). Since yourself, Kirk, and maybe more folks
>>> who haven't asked want to know why I'm asking this, I might as well
>>> explain, and let all of you know just how paranoid I am.
>>> 
>>> My brother in-law bought me a wireless access point recently. There's
>>> a longer story behind that, and yes, my internal LAN was all wired
>>> until now. Given the security history of wireless networking, I
>>> decided that if I did wireless here, it would be fed off a separate
>>> NIC in my machine, and that I'd run only ipsec over it, or something
>>> even more secure. This is exactly what I did. The wireless access
>>> point is
>>> attached to a separate network interface on its own separate private
>>> subnet. The idea is that even if someone were to break encryption, and
>>> gain access to the wireless access point, all it would get then is a
>>> class c v4 address and a documentation v6 address which they could
>>> literally do nothing with without my giving them a ssl cert, and a
>>> username/password if they're running windows. I currently have
>>> ppp/l2tp/ipsec going for windows clients (previously mentioned longer
>>> story), I almost have ipsec to ipsec between linux machines going over
>>> v4, and am working on ipsec to ipsec between linux boxes over v6,
>>> which is why I'm asking what I am.
>>> 
>>> I've locked things down enough with ip6tables to block everything
>>> inbound, and outbound on the NIC attached to the wireless access
>>> point. This includes router advertisements, and neighbor
>>> solicitations. In order to get the ipsec connection going, I first
>>> need to issue the client a 2001:db8 address. So, I need to know what I
>>> should allow through without ipsec to make that happen. Hopefully that
>>> explains why I'm asking.
>>> 
>>> Greg
>>> 
>>> 
>>> - --
>>> web site: http://www.romuald.net.eu.org
>>> gpg public key: http://www.romuald.net.eu.org/pubkey.asc
>>> skype: gregn1
>>> (authorization required, add me to your contacts list first)
>>> 
>>> - --
>>> Free domains: http://www.eu.org/ or mail dns-manager at EU.org
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.10 (GNU/Linux)
>>> 
>>> iEYEARECAAYFAk8ku6EACgkQ7s9z/XlyUyATIwCeN5ddTu+rtPy6CDIjUP/WhO8c
>>> a0wAnRHZepDhhbvyl4LEGpEXFJcidA8m
>>> =RodA
>>> -----END PGP SIGNATURE-----
>>> _______________________________________________
>>> Speakup mailing list
>>> Speakup at braille.uwo.ca
>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>>> 
>> 
>> --
>> Kirk Reiser The Computer Braille Facility
>> e-mail: kirk at braille.uwo.ca University of Western Ontario
>> phone: (519) 661-3061
>> _______________________________________________
>> Speakup mailing list
>> Speakup at braille.uwo.ca
>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

--
Kirk Reiser				The Computer Braille Facility
e-mail: kirk at braille.uwo.ca		University of Western Ontario
phone: (519) 661-3061