Re: disable IPv6

["Robert G. (Doc) Savage" <dsavage@peaknet.net>]

On Tue, 2010-06-22 at 15:54 -0500, Steven Pritchard wrote:
> I tend to like to turn off IPv6 on my firewalls so I have a little
> better handle on *exactly* what traffic is being allowed.  Thanks to
> Google, I just discovered a quick way to kill IPv6 on all interfaces:
> 
>   echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
> 
> For a more permanent solution, do this:
> 
>   cat >> /etc/sysctl.conf <<END
>   
>   # Disable IPv6
>   net.ipv6.conf.all.disable_ipv6 = 1
>   END
>   sysctl -p
> 
> And specifically on Fedora/RHEL, I think these are the rest of the magic
> bits:
> 
>   echo blacklist ipv6 >> /etc/modprobe.d/ipv6.conf
>   cat >> /etc/sysconfig/network <<END
>   NETWORKING_IPV6=no
>   IPV6INIT=no
>   IPV6TO4INIT=no
>   END
> 
> Although I have to admit, I just tried that, and the ipv6 module still
> gets loaded at boot...  Still, with no IPv6 addresses, that should be
> close enough...
> 
> The only way to absolutely be sure that the ipv6 module never gets
> loaded that I've found so far (on Fedora 12, at least) is to add
> "install ipv6 /bin/true" to /etc/modprobe.d/ipv6.conf also.
> 
> Steve

The need to take such steps seems incongruous in the face of almost
complete global exhaustion of IP4 address spaces.

--Doc


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.