what is the F19 way to disable ipv6?

Neil Horman nhorman at redhat.com
Mon Jul 15 15:37:23 UTC 2013 

On Mon, Jul 15, 2013 at 04:55:24PM +0200, Reindl Harald wrote:
> 
> 
> Am 15.07.2013 16:44, schrieb Michal Schmidt:
> > On 07/13/2013 01:44 AM, Reindl Harald wrote:
> >> please take a look at this
> >> https://bugzilla.redhat.com/show_bug.cgi?id=982740#c12
> >>
> >> what do we do in the future to disable ipv6 entirely
> >> and why is "ipv6.disable=1" as kernel param at least
> >> with 3.10.0-1.fc20.x86_64 on F19?
> > 
> > Back in 2011 the preferred kernel parameter to do that was "ipv6.disable_ipv6=1":
> > https://lists.fedoraproject.org/pipermail/kernel/2011-June/003106.html
> > I assume it's still true today.
> > 
> > "ipv6.disable=1" should still work though. I still see it handled net/ipv6/af_inet6.c.
> > 
> > In the linked Bugzilla comment you mentioned "ipv6disable=1" (without a dot). Did this ever work? I think it's a typo
> 
> thanks for your feedback, yes this was a typo
> 
> however, i removed it over the weekend and disabled ipv6 with sysctl
> software like ntpd, smbd still insists in listening on ipv6 sockets
> and the maintainers of the packages says this inconsistent behavior
> is fine
> _______________________________________________________
> 
> udp        0      0 *:ntp                   *:*
> udp6       0      0 [::]:ntp                [::]:*
> 
> tcp6       0      0 :::139                  :::*    LISTEN      3079/smbd
> tcp6       0      0 :::445                  :::*    LISTEN      3079/smbd
> _______________________________________________________
> 
> /etc/sysctl.conf
> 
> net.ipv6.conf.all.disable_ipv6=1
> net.ipv6.conf.all.accept_redirects=0
> net.ipv6.conf.all.accept_source_route=0
> net.ipv6.conf.default.disable_ipv6=1
> net.ipv6.conf.default.accept_redirects=0
> net.ipv6.conf.default.accept_source_route=0
> 

You're configuration indicates all interfaces should not send/recieve/forward
ipv6 traffic.  That in no way indicates that applications can't create ipv6
sockets, its just that those sockets will never receive data, and any data
transmitted on them will be dropped.

If you really don't want to see ipv6 sockets, you need to use the ipv6.disable
kernel command line option.  Note however, that doing so will prevent the
registration of the PF_INET6 address family, meaning that any application call
to socket(PF_INET6,...) will fail with an EAFNOTSUPPORT errno return.  That
could cause lots of applications to get confused or otherwise misbehave, which
is why most people don't use it, opting instead for the more sane options that
you have above.
Neil


> _______________________________________________
> kernel mailing list
> kernel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/kernel

More information about the devel mailing list