This package has the Vyatta configuration templates and scripts to configure the IPv6 router advertisement daemon (radvd).
Details
Sep 15 2024
Jul 2 2024
Jun 20 2024
May 13 2024
Feb 10 2024
Dec 17 2023
Aug 25 2023
Jul 12 2023
Aug 29 2022
Nov 6 2021
Aug 31 2021
Jul 29 2021
Apr 23 2020
sorry, i'm not a hacker, so i dont know any attach vector. :( But it does not mean that it does not exist.
Mar 28 2020
Well - making all IPv6 stuff a noop is not coded into VyOS. Can you show real life examples of increased attack surface?
it's enabled by default.
It's useful when the user is sure he doesn't want IPv6, as it lessens the attack surface, especially if the user doesn't know he needs to configure a IPv6 firewall separately to the IPv4 firewall. Even link-local addresses can be used to launch attacks in the absence of a firewall config.
IMO the configured interface addresses and v6 nodes should become no-ops, possibly print a warning on commit.
On the other hand, leaving IPv6 enabled, would be better to move in the direction of v6 adoption. Personally, I'd prefer this, and leave v6 enabled by default.
in my opinion it should be always enabled
Actually why do you wan't to disbale IPv6 on the system? I think this is a huge workpackage.