Thursday, December 30, 2010

MF-Firewall - Linux IPv6 and IPv4 firewall wrapper

A new project, created just yesterday, publishes a full software package that uses standard Linux tools to create a highly locked-down environment.

Basically, it is a whole suite of scripts written in Ruby that builds chains, sets kernel options, and sets up and tears down interfaces and VLANs based on a directory of files, each part of a zone.

The config directory sits in a folder called /jail.
Under that you have acl/, nat/ and mangle/.
Under acl/ you have zones/ and kernelopts/.
Under zones/ you have each individual zone, including a special zone called WAN that faces the public. You can create as many additional zones as you want. Each zone has its own eth or VLAN. A VLAN can be TRANS for transparent, or it can have an IPv4 address, an IPv6 address, or both.

IPv6 support was only recently added and still needs a lot of work to fine-tune it.

Find the project here:

Tuesday, December 28, 2010

ssh to IPv6 or IPv4

When typing ssh at the command line, it sometimes seems to use IPv4 and sometimes IPv6.

However, if you specifically want IPv4 or IPv6, you can specify which one on the command line:

ssh -6 <ipv6 only host>
ssh -4 <ipv4 only host>

Thursday, December 23, 2010

IPv6 and the linux host command...

Working with IPv6/IPv4 and trying to understand how to debug issues...

More specifically, I wanted to see if DNS was handing out both IPv4 and IPv6 addresses.

So, on a Mac, typing "host" returned both the A (IPv4) and the AAAA (IPv6) addresses.
But on Debian, only the A address was returned.
Of course, "host -t AAAA" returned the AAAA record, that is, the IPv6 address.

So, why did Debian not give me both A and AAAA?
The fix was to install bind9-host instead of host.

So, if you are running a Debian workstation, you might find it helpful to run "sudo apt-get install bind9-host", which replaces the host package.
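
A way to script the check described above, as an added example that is not from the original post: it classifies the output of host by address family and lists the ssh flags (-4 / -6) that could work for that name. The function names, the hostname www.example.test and the sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Reads host(1) output on stdin and prints one of:
#   dual-stack | ipv4-only | ipv6-only | none
# Lines such as "has no AAAA record", aliases and MX entries are ignored.
addr_families() {
    awk '
        / has address /      { v4++ }
        / has IPv6 address / { v6++ }
        END {
            if (v4 && v6) print "dual-stack"
            else if (v4)  print "ipv4-only"
            else if (v6)  print "ipv6-only"
            else          print "none"
        }'
}

# Maps the classification to the ssh address-family flags that can succeed.
usable_ssh_flags() {
    case "$(addr_families)" in
        dual-stack) echo "-4 -6" ;;
        ipv4-only)  echo "-4" ;;
        ipv6-only)  echo "-6" ;;
        *)          echo "" ;;
    esac
}

# Constructed sample output (documentation addresses, not real lookups).
SAMPLE_DUAL='www.example.test has address 192.0.2.10
www.example.test has IPv6 address 2001:db8::10
www.example.test mail is handled by 10 mx.example.test.'
SAMPLE_V4_ONLY='www.example.test has address 192.0.2.10
www.example.test has no AAAA record'

# Live use. Asking for each record type explicitly gives the same answer
# whether or not the installed host command shows AAAA by default:
#   { host -t A www.example.test; host -t AAAA www.example.test; } | addr_families
```

A result of ipv4-only from the explicit query means the name has no AAAA record at all; if a plain "host <name>" shows only A while the explicit query reports dual-stack, the host command is the limitation, not DNS.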

Thursday, December 16, 2010

Mac command line DNS

Sometimes I want to set the DNS settings on a Mac from the command line.

Here is a way I found to accomplish this:

Start the Terminal application:

sudo networksetup   (prints the help text)
sudo networksetup -setdnsservers Airport <DNSServer IP> 
sudo networksetup -setsearchdomains Airport <like >