Major Hayden bfcf6c7423 Initial import of openstack-ansible-security role
This role contains around 150 controls from the 270+ controls that exist
in the RHEL 6 STIG. New controls are still being added.

Implements: blueprint security-hardening

Change-Id: I0578f86bf42d55242bc72b97b40a5935a3cb18d6
2015-10-07 07:27:39 -05:00

Exception

Filtering IPv6 traffic is left up to the deployer to implement. The openstack-ansible roles don't configure IPv6 (at this time) and adding persistent ip6tables rules could harm a running system.

However, deployers are strongly encouraged to implement IPv6 filtering at the edges of the network via network devices. In addition, deployers should be aware that link-local IPv6 addresses are configured automatically by the system and that those addresses could open up new network paths for future attacks.

For example, if IPv4 access was tightly controlled and segmented, hosts and/or containers could possibly communicate across these boundaries using IPv6 link-local addresses. For more detailed information on this security topic, review Cisco's documentation titled IPv6 Security Brief that is available on their website.
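
The following audit helper is an added example, not part of the openstack-ansible-security role. It parses the Linux `/proc/net/if_inet6` table and reports which interfaces carry an automatically configured link-local (`fe80::/10`) address, so a deployer can compare that list against the segments they consider IPv4-only. The sample table, the interface names and the `ipv4_only` list are constructed for illustration.

```python
"""List IPv6 link-local addresses per interface from /proc/net/if_inet6."""
import ipaddress
from collections import defaultdict
from pathlib import Path

# Constructed sample in /proc/net/if_inet6 format:
# address ifindex prefixlen scope flags device (numeric fields are hex)
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80       lo
fe80000000000000021122fffe334455 02 40 20 80     eth0
20010db8000000000000000000000010 02 40 00 80     eth0
fe800000000000000011aafffebbccdd 05 40 20 80 br-mgmt
"""


def link_local_by_interface(if_inet6_text):
    """Return {interface: [link-local addresses]} for fe80::/10 entries."""
    found = defaultdict(list)
    for line in if_inet6_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed lines
        addr_hex, _ifindex, _prefixlen, _scope, _flags, device = fields
        try:
            addr = ipaddress.IPv6Address(int(addr_hex, 16))
        except ValueError:
            continue  # not a valid 128-bit hex address
        if addr.is_link_local:
            found[device].append(str(addr))
    return dict(found)


def unexpected_interfaces(if_inet6_text, ipv4_only):
    """Interfaces treated as IPv4-only that still hold a link-local address."""
    return sorted(set(link_local_by_interface(if_inet6_text)) & set(ipv4_only))


if __name__ == "__main__":
    proc = Path("/proc/net/if_inet6")
    # Fall back to the constructed sample on hosts without the proc file.
    text = proc.read_text() if proc.exists() else SAMPLE_IF_INET6
    for device, addrs in sorted(link_local_by_interface(text).items()):
        print(f"{device}: {', '.join(addrs)}")
```

Run on each host and inside each container, the output shows where IPv6 link-local reachability exists even though no IPv6 addressing was deliberately configured.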