<div>Thanks Alek, that clarifies a lot of things on my shorewall logs ;)</div>
<div><br><br> </div>
<div><span class="gmail_quote">On 9/11/06, <b class="gmail_sendername">Aleksandar Milivojevic</b> <<a href="mailto:alex@milivojevic.org">alex@milivojevic.org</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Quoting Erick Perez <<a href="mailto:eaperezh@gmail.com">eaperezh@gmail.com</a>>:<br><br>> Aleksandar, can you please explain for me what does a criptic line
<br>> like "alias net-pf-10 off<br>> " means "to disable ipv6" ?<br><br>It disables automatic loading of ipv6 module. You can still manually<br>load it by doint "modprobe ipv6" from command line. This was default
<br>setting up until 2.4 kernel. In 2.6 kernel default was changed to<br>automatically load ipv6 module as needed.<br><br>If you don'thave the above line in /etc/modprobe.conf, each time an<br>application simply attempts to perform IPv6 bind, the kernel would
<br>automatically load ipv6 kernel module. The ipv6 module will assigne<br>link local addresses to all interfaces on the system, and it is<br>practically impossible to get rid of the module from that point on<br>(until you reboot machine).
<br><br>While link local addresses on the interfaces are not really usable to<br>establish communication on the network, many people prefer not to have<br>them assigned. Especially considering the sorry state of IPv6 version
<br>of Netfilter. Not only that IPv6 Netfilter lacks many many features<br>of its IPv4 counterpart, the userspace (iptables-ipv6) is not<br>installed by default on CentOS4, redhat-config-security-level will not<br>configure it, and many people run firewalls that are completely open
<br>for IPv6 traffic without even realizing it.<br><br>--<br>NOTICE: If you are not intended recipient, you are hereby notified<br>that by reading this message you agreed not to disturb frogs during<br>mating season. For more info, visit
<a href="http://www.8-P.ca/">http://www.8-P.ca/</a><br><br>_______________________________________________<br>CentOS mailing list<br><a href="mailto:CentOS@centos.org">CentOS@centos.org</a><br><a href="http://lists.centos.org/mailman/listinfo/centos">
http://lists.centos.org/mailman/listinfo/centos</a><br></blockquote></div><br><br clear="all"><br>-- <br>------------------------------------------------------------<br>Erick Perez<br>Panama Sistemas<br>Integradores de Telefonia IP y Soluciones Para Centros de Datos
<br>Panama, Republica de Panama<br>Cel Panama. +(507) 6694-4780<br>------------------------------------------------------------