[CentOS] transition to ip6

Tue Apr 3 00:33:24 UTC 2012
Adam Tauno Williams <awilliam at whitemice.org>

On Mon, 2012-04-02 at 09:59 -0500, Les Mikesell wrote:
> On Mon, Apr 2, 2012 at 9:39 AM, Peter Eckel <lists at eckel-edv.de> wrote:
> > When there really is a requirement that the external server allows
> only a single address to access it and that can't be changed, you
> could resort to using a proxy.
> What is typical or reasonable for source address restrictions?   

To dispose of them;  they are hopelessly pointless.  If you want to
authenticate the source use PKI.

I know they exist and have personally had to deal with them.  That
doesn't imply they make any kind of sense.

> That
> is, if  there are 2 global organizations, and one wants to increase
> the security on access to a service by limiting to the source
> addresses that might come from the other, is there a sane way to
> specify it, and to make the application use those addresses at the
> right times if the interface has others?

If two organizations want to communicate, exclusively and privately,
with each other they should establish a tunnel.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20120402/c59c9181/attachment-0005.sig>