IRRd-Discuss
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: irrd2.2.2
- From: Kuniaki Kondo
- Date: Tue Dec 14 23:49:44 2004
>On Tue, Dec 14, 2004 at 10:32:47AM -0500, Larry J. Blunk wrote:
>> On Tue, 2004-12-14 at 18:39 +0900, Kuniaki Kondo wrote:
>> > In this situation, When IRRd will be executed, IRRd will not open
>> > IPv4 socket, just only IPv6, for port 43 and UII. Thus, it can
>> > not access from other hosts using IPv4.
>>
>> With FreeBSD, you should be able to set the net.inet6.ip6.v6only
>> sysctl variable to 0 to change the default behavior.
>
>Setting net.inet6.ip6.v6only has security implications: if you use
>packet filtering or tcp wrappers, your IPv6 rules need to take into
>account everything that you used to do in IPv4 rules.
Hmm... I didn't understand about this point.
If we already have 'IPv6 fintering policy' or some rules, then
we don't have security problem. Is it correct?
If so, this is not a serious problem, I think.
If you have any other serious problems about this issue,
please advice to me.
>It would be better to configure IRRd to use separate IPv4 and IPv6
>sockets.
Is this mean that I execute two IRRd processes on a server?
In this case, how to share database files for these processes?
Thank you.
>
>Regards,
>+ Kim
>--
><A HREF="http://kimmo.suominen.com/";>Kimmo Suominen</A>
>
|
