[Openstack] DHCP for IPv6

Jorge Luiz Correa correajl at gmail.com
Fri Sep 29 00:49:49 UTC 2017


Thanks for explaining, Jeremy! Very clear.

I think systems with cloud-init enabled, like most images, can be easily configured to disable this feature. 

Thank you!
:) 

> On 28 Sep 2017, at 21:37, Jeremy Stanley <fungi at yuggoth.org> wrote:
> 
> On 2017-09-28 20:29:38 -0300 (-0300), Jorge Luiz Correa wrote:
>> It would be good if developers could know about that because
>> privacy extension is becoming the default on every operating
>> system. I've tested the last version of *ubuntu and some FreeBSD
>> kernels, all operating with privacy extension by default.
>> 
>> So, this way of creating the iptables rules needs to be reviewed.
> [...]
> 
> To accommodate privacy extensions, we'd basically have to give up on
> any assumptions as to what the viable source addresses originating
> on a port could be (at least within the netmask). This filtering is
> the primary mechanism for preventing address spoofing within a
> shared network.
> 
> By comparison, RFC 4941 privacy extensions are primarily a
> protection for desktop/mobile client systems and do little (if
> anything) useful for a statically-addressed server. Disabling it
> there makes a lot of sense to me, as a privacy/security-conscious
> sysadmin.
> -- 
> Jeremy Stanley
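
An added illustration, not part of the original thread and not OpenStack code: why a per-port source-address allowlist of the kind discussed above drops RFC 4941 temporary addresses. It assumes the allowed addresses are the modified EUI-64 SLAAC addresses derived from the port's MAC; the prefix, MAC and temporary address are constructed sample values.

```python
import ipaddress


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64 SLAAC address (RFC 4291, Appendix A) for a MAC in a /64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers require a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet and insert ff:fe
    # between the OUI and the device-specific half of the MAC.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net.network_address + int.from_bytes(iid, "big")


def is_source_allowed(src: str, allowed) -> bool:
    """Anti-spoofing decision for one port: exact match on the source address."""
    return ipaddress.IPv6Address(src) in allowed


# Constructed sample values (documentation prefix, made-up MAC).
PREFIX = "2001:db8:0:1::/64"
MAC = "fa:16:3e:12:34:56"

# Addresses the filter can predict for this port (assumption: global SLAAC
# address plus link-local, both derived from the MAC).
STABLE = eui64_address(PREFIX, MAC)
ALLOWED = {STABLE, eui64_address("fe80::/64", MAC)}

# Constructed temporary address: same prefix, randomized interface identifier,
# as a host with RFC 4941 privacy extensions enabled would use for outbound
# traffic. The filter cannot predict it, so it is indistinguishable from a
# neighbour spoofing an arbitrary in-prefix address.
TEMPORARY = "2001:db8:0:1:59c1:7a2e:3bd:9f41"

if __name__ == "__main__":
    for src in (str(STABLE), TEMPORARY):
        verdict = "ACCEPT" if is_source_allowed(src, ALLOWED) else "DROP"
        print(f"{src:40} {verdict}")
```
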
