Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Saturday January 19 2019, @01:19AM   Printer-friendly
from the ICUP dept.

A Swiss VM hosting provider has a technical blog post about how to kill IPv4 completely on FreeBSD. That is to say, turning it completely off, not just preferring IPv6. They then solicit concrete solutions describing, along with a proof of concept, how to turn IPv4 completely off in other operating systems and allowing them to communicate with IPv6 only.

Earlier on SN:
Vint Cerf's Dream Do-Over: 2 Ways He'd Make the Internet Different (2016)
You have IPv6. Turn it on. (2016)
We've Killed IPv4! (2014)


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Funny) by Azuma Hazuki on Saturday January 19 2019, @03:25AM (4 children)

    by Azuma Hazuki (5086) on Saturday January 19 2019, @03:25AM (#788534) Journal

    You can NAT in IPv6 you know...

    --
    I am "that girl" your mother warned you about...
    Starting Score:    1  point
    Moderation   +2  
       Informative=1, Funny=1, Total=2
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 5, Interesting) by VLM on Saturday January 19 2019, @02:49PM (3 children)

    by VLM (445) on Saturday January 19 2019, @02:49PM (#788638)

    When old timers talk about NAT in ipv6 they usually don't mean NAT, they mean a stateless FW instead.

    You can stateless firewall in ipv6 pretty easily:

    ip6tables -A OUTPUT -o your_isp_interface -j ACCEPT

    ip6tables -A INPUT -i your_isp_interface -m state --state ESTABLISHED,RELATED -j ACCEPT

    NAT on ipv4 in the olden days was merely the above, for ipv4 obviously, plus an extra line:

    iptables -t nat -A POSTROUTING -o your_isp_interface -j MASQUERADE

    You don't need to "fake" and remap the addrs for ipv4 like you do for ipv6, so you'd not include the ipv6tables equivalent of the line above.

    As with most linux type things, a lot of effort has been put into making impossible to use "simpler" systems so on systemd-redhat non-unix-like OSes, god only knows what layers of hell you'd have to go thru to avoid one or two straightforward lines of clear and obvious ip6ables from the old days.

    • (Score: 2) by VLM on Saturday January 19 2019, @02:50PM

      by VLM (445) on Saturday January 19 2019, @02:50PM (#788639)

      Disclaimer entire post above was from memory and might work and might be secure for some values of "work" and "secure" you'd best hit up the mighty Google search bar if you're doing this for realzies but for discussion purposes its mostly accurate enough in the sense of hand grenades being close enough and so forth.

    • (Score: 2) by Deeo Kain on Sunday January 20 2019, @04:18PM (1 child)

      by Deeo Kain (5848) on Sunday January 20 2019, @04:18PM (#789063)

      ip6tables -A INPUT -i your_isp_interface -m state --state ESTABLISHED,RELATED -j ACCEPT

      Of course you know that the rule you wrote define a state*ful* FW, do you?

      • (Score: 2) by VLM on Monday January 21 2019, @10:09PM

        by VLM (445) on Monday January 21 2019, @10:09PM (#789804)

        Yeah I know... caffeine levels too low etc. Heart was in the right place at least.