#11629 NORM xs-0.7: XS has no IPv6 firewall but runs IPv6 listening services

Zarro Boogs per Child bugtracker at laptop.org
Wed Feb 15 16:17:59 EST 2012

#11629: XS has no IPv6 firewall but runs IPv6 listening services
           Reporter:  greenfeld      |       Owner:  dsd                              
               Type:  defect         |      Status:  assigned                         
           Priority:  normal         |   Milestone:  xs-0.7                           
          Component:  school server  |     Version:  Development build as of this date
         Resolution:                 |    Keywords:                                   
        Next_action:  diagnose       |    Verified:  0                                
Deployment_affected:                 |   Blockedby:                                   
           Blocking:                 |  
Changes (by dsd):

  * owner:  martin.langhoff => dsd
  * status:  new => assigned


 With our current configuration there is no danger of receiving an IPv6
 address over DHCP, nor through auto-configuration (router advertisements)
 - this is disabled.

 The "autoconf" option mentioned above refers to the fact that the kernel
 auto-creates a fe80 link-local address. This isn't trivial to turn off,
 and does mean that the XS could be contacted over the WAN over IPv6 under
 some circumstances. Next build will include a simple firewall config to
 block incoming connections except SSH.

Ticket URL: <http://dev.laptop.org/ticket/11629#comment:1>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system

More information about the Bugs mailing list