This package has the Vyatta system-level configuration templates and scripts.
Details
Feb 10 2024
Dec 17 2023
Aug 25 2023
Jul 12 2023
Aug 29 2022
Nov 6 2021
Oct 18 2021
@mickvav You can use ". Can you re-check it?
Tested on node VyOS 1.4-rolling-202110130217
Oct 17 2021
Sep 3 2021
Aug 31 2021
Jul 29 2021
Jan 27 2021
Nov 1 2020
Oct 30 2020
Oct 29 2020
Apr 23 2020
sorry, i'm not a hacker, so i dont know any attach vector. :( But it does not mean that it does not exist.
Mar 28 2020
Well - making all IPv6 stuff a noop is not coded into VyOS. Can you show real life examples of increased attack surface?
it's enabled by default.
It's useful when the user is sure he doesn't want IPv6, as it lessens the attack surface, especially if the user doesn't know he needs to configure a IPv6 firewall separately to the IPv4 firewall. Even link-local addresses can be used to launch attacks in the absence of a firewall config.
IMO the configured interface addresses and v6 nodes should become no-ops, possibly print a warning on commit.
On the other hand, leaving IPv6 enabled, would be better to move in the direction of v6 adoption. Personally, I'd prefer this, and leave v6 enabled by default.
in my opinion it should be always enabled
Actually why do you wan't to disbale IPv6 on the system? I think this is a huge workpackage.
Mar 24 2020
Mar 17 2020
Apr 7 2019
Assuming this works - please reopen if not
Mar 27 2019
@tomjepp please test
Mar 26 2019
@tomjepp Could you share the patch or tell us what and where you had to modify?
Mar 12 2019
Jan 12 2019
Jan 10 2019
Oct 13 2018
May 24 2018
I'm not sure if HTML encoding is really the best thing to do, but I agree the problem exists.