touch-packages team mailing list archive

Thread
Date

[Bug 740249] Re: should block ipv6 RH0

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Tue, 14 Oct 2014 22:59:24 -0000
Reply-to: Bug 740249 <740249@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** No longer affects: ufw (Ubuntu Lucid)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/740249

Title:
  should block ipv6 RH0

Status in “ufw” package in Ubuntu:
  Fix Released
Status in “ufw” source package in Maverick:
  Won't Fix
Status in “ufw” source package in Natty:
  Fix Released

Bug description:
  Binary package hint: ufw

  The following should be added to before6.rules, after the loopback rules:
  # drop packets with RH0 headers
  -A ufw6-before-input -m rt --rt-type 0 -j DROP
  -A ufw6-before-forward -m rt --rt-type 0 -j DROP
  -A ufw6-before-output -m rt --rt-type 0 -j DROP

  See IPv6 Routing Header Security by Philippe Biondi and Arnaud Ebalard
  released at CanSecWest 2007 for more information about this issue
  (http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/740249/+subscriptions