why is ipv6 fixly compiled in latest F15 and all F16 kernels?

Sun Apr 8 17:55:19 UTC 2012

Am 08.04.2012 14:07, schrieb Frantisek Hanzlik:
> Networking code has especial position, as bugs / problems /
> misconfigurations in it have strong impact to machine security.
> And I simply do not want do any ip6tables and other ipv6
> security configuration - because I do not want use ipv6
> _entirely_

so disable it
what is your exactly problem?

i maintain 20 public fedora machines and no
single one has any ipv6 configuration becuase
i disabled it as explained - why can you do
not the same?

>>> 2) something (NetworkManager or other malware;) can easily activate it.
>>
>> who told you so?
>> how can NetworkManager override a KERNEL parameter?
> 
> Have I after each update supervise whether NM or other stuff
> made some unwanted changes - maybe even on kernel commandline?
> And after each reboot again? No, I don´t want it.

boah you have to disable it once for years as you
gad to disable the odule all the years before

NM is not in the position to overrdie kernel-parameters
kernel-parameters are not changed by updates

so again: what is your problem?

>> in times where it was a loadable module it was the same
>> you had to make sure to disable it AND it was loaded
>> most of the time
>>
> even if I wipe it from disk most services was able reconstruct
> it and load again ;)

so and what is the difference now?

>> the stack is disabled entirely and the memory footprint may
>> be the same as unloaded module and code paths on different
>> places which has to check this
> 
> Here I eventually agree with You

hm you agree about memory fooprint
you can disable ipv6 entirely

so again: what is your problem?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20120408/315a7f71/attachment.sig>