[CentOS] Disabling IPv6 in Centos 4.x Experiences

Mon Sep 11 17:38:39 UTC 2006
Erick Perez <eaperezh at gmail.com>

Thanks Alek, that clarifies a lot of things on my shorewall logs  ;)



On 9/11/06, Aleksandar Milivojevic <alex at milivojevic.org> wrote:
>
> Quoting Erick Perez <eaperezh at gmail.com>:
>
> > Aleksandar, can you please explain for me what does a criptic line
> > like "alias net-pf-10 off
> > "  means "to disable ipv6" ?
>
> It disables automatic loading of ipv6 module.  You can still manually
> load it by doint "modprobe ipv6" from command line.  This was default
> setting up until 2.4 kernel.  In 2.6 kernel default was changed to
> automatically load ipv6 module as needed.
>
> If you don'thave the above line in /etc/modprobe.conf, each time an
> application simply attempts to perform IPv6 bind, the kernel would
> automatically load ipv6 kernel module.  The ipv6 module will assigne
> link local addresses to all interfaces on the system, and it is
> practically impossible to get rid of the module from that point on
> (until you reboot machine).
>
> While link local addresses on the interfaces are not really usable to
> establish communication on the network, many people prefer not to have
> them assigned.  Especially considering the sorry state of IPv6 version
> of Netfilter.  Not only that IPv6 Netfilter lacks many many features
> of its IPv4 counterpart, the userspace (iptables-ipv6) is not
> installed by default on CentOS4, redhat-config-security-level will not
> configure it, and many people run firewalls that are completely open
> for IPv6 traffic without even realizing it.
>
> --
> NOTICE: If you are not intended recipient, you are hereby notified
> that by reading this message you agreed not to disturb frogs during
> mating season.  For more info, visit http://www.8-P.ca/
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
------------------------------------------------------------
Erick Perez
Panama Sistemas
Integradores de Telefonia IP y Soluciones Para Centros de Datos
Panama, Republica de Panama
Cel Panama. +(507) 6694-4780
------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20060911/902e9e15/attachment-0005.html>