This package has the Vyatta system-level configuration templates and scripts.
Apr 23 2020
sorry, i'm not a hacker, so i dont know any attach vector. :( But it does not mean that it does not exist.
Mar 28 2020
Well - making all IPv6 stuff a noop is not coded into VyOS. Can you show real life examples of increased attack surface?
it's enabled by default.
It's useful when the user is sure he doesn't want IPv6, as it lessens the attack surface, especially if the user doesn't know he needs to configure a IPv6 firewall separately to the IPv4 firewall. Even link-local addresses can be used to launch attacks in the absence of a firewall config.
IMO the configured interface addresses and v6 nodes should become no-ops, possibly print a warning on commit.
On the other hand, leaving IPv6 enabled, would be better to move in the direction of v6 adoption. Personally, I'd prefer this, and leave v6 enabled by default.
in my opinion it should be always enabled
Actually why do you wan't to disbale IPv6 on the system? I think this is a huge workpackage.
Mar 24 2020
Mar 17 2020
Apr 7 2019
Assuming this works - please reopen if not
Mar 27 2019
@tomjepp please test
Mar 26 2019
@tomjepp Could you share the patch or tell us what and where you had to modify?
Mar 12 2019
Jan 12 2019
Jan 10 2019
Oct 13 2018
May 24 2018
I'm not sure if HTML encoding is really the best thing to do, but I agree the problem exists.