8 Jun
2012
8 Jun
'12
4:11 p.m.
On Fri, Jun 08, 2012 at 12:56:23PM -0700, Owen DeLong <owen@delong.com> wrote a message of 28 lines which said:
IPv6 should be a simple matter of putting the same line in your ip6tables file.
My experience with attack mitigation is that tools do not always work as advertised and sometimes do bad things (such as crashing the machine). So, I agree, it "should be a simple matter" but I prefer to test first. [For instance, my IPv4 rule required a maximum of 2^28 buckets in memory while an IPv6 rule with --hashlimit-srcmask 64 would require a maximum of 2^64 buckets... What will be the effect on the system memory?]