Proposal: Fedora should install with IPv6 disabled by default [was: Re: Disabling ipv6]

Fernando Lozano fernando at lozano.eti.br
Fri Jul 12 16:44:44 UTC 2013


Hi,

> [As I changed the subject, let me clear: IPv6 still compiled in the kernel. Just the network interfaces configs
> that should come with IPv6 disabled by default, if the user wants it should be easy to enable]
> exactly *that* is my point
>
> it is ridiculous that i bave a clearly static ipv4 config
> using network.service as well as "ipv6disable=1" as kernel
> param and on a F19 machine with 3.10.0-1.fc20.x86_64 eth0
> comes up with "inet6 fe80::20c:29ff:fe30:82b9"
>
> this is not a matter of ipv6 security / yes / no / don't know
> it is a matter of if ipv6 would make sense for the network
> and would enable and *properly* configure it but this is
> not the case because the gateway is for sure not ipv6 capable
>
> i do not need to see any ip-address (ipv4 or ipv6) on a
> statically interface which was not explicitly configured
Having a smarter ifconfig / ip tool or ethernet device driver would be a 
way to implement my proposal.

But, by the IPv6 RTFs, just having IPv6 enabled means there is an IPv6 
address for that interface. IPv6 provides local auto-configuration for 
network intefaces, without DHCP or any other infrastrucure being present.

That's one thing that creates security risks: you don't know you could 
be reached by that address.

So, ifconfig or ip or whatever would have to disable IPv6 for any 
interface that does not having an explicit IPv6 address. I'd think it 
would be easier to have the default eth*-cfg files and Network Manager 
disable IPv6 unless the user tells them to enable.


[]s, Fernando Lozano



More information about the users mailing list