[Dev] [consensus][due: 2016-08-10] increasing security in Parabola, servers

coadde coadde at riseup.net
Tue Aug 2 22:08:17 GMT 2016

On 08/02/2016 06:20 PM, Luke Shumaker wrote:
> On Tue, 02 Aug 2016 15:38:01 -0400,
> coadde wrote:
>> I wrote /etc/network.sh
> Ok!
> Can you explain these two lines to me?  I didn't see the point in them.
>     ip neighbour replace lladdr 52:54:5d:5f:e2:f9 nud permanent dev eth0
>     ip addr del fe80::5054:5dff:fe5f:e2f9 dev eth0

"ip neighbour" is equivalent ARP on IPv4 and NDP on IPv6, i set it to
permanent on eth0 interface, due it avoid MAC spoofing[0].
"ip addr del fe80::5054:5dff:fe5f:e2f9 dev eth0" it removes the unused
and unsecured link-local address[1][2][3].


> Also, the netmask was wrong; the VPS-control-panel-specified
> is equivalent to /25, not /24.

I put "/25", but the command "ip" may failed the connection.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20160802/fe0cda7a/attachment.sig>

More information about the Dev mailing list