On Sun, 2005-09-04 at 00:11 +0200, Maciej Żenczykowski wrote:

Turn off IPv6 either just for sshd or for the entire kernel... I think the following in /etc/modprobe.conf alias ipv6 off alias net-pf-10 off does wonders :)

And I got hell from people in LPI when I suggested the next round of the LPIC-1 exams (for 2007+) should test people on how to at least disable IPv6. ;->

On Sun, 2005-09-04 at 03:56 +0200, Maciej Żenczykowski wrote:

...

...

Turn off IPv6 either just for sshd or for the entire kernel... I think the following in /etc/modprobe.conf alias ipv6 off alias net-pf-10 off does wonders :)

And I got hell from people in LPI when I suggested the next round of the LPIC-1 exams (for 2007+) should test people on how to at least disable IPv6. ;->

are you saying the above is wrong? [I know there's an /etc/sysconfig/somethingorother file which contains networking settings for IPV6 but I've never managed to get those to actually work] Cheers, MaZe.

This got me curious. Looking at /etc/sysconfig/network-scripts/ifup- ipv6, you can control ipv6 from /etc/sysconfig/network.

# Uses following information from "/etc/sysconfig/network": # NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting) # IPV6_DEFAULTDEV=<device>: controls default route (optional) # IPV6_DEFAULTGW=<address>: controls default route (optional)

On Sat, 2005-09-03 at 19:06 -0700, Sean O'Connell wrote:

This got me curious. Looking at /etc/sysconfig/network-scripts/ifup- ipv6, you can control ipv6 from /etc/sysconfig/network.

# Uses following information from "/etc/sysconfig/network": # NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting) # IPV6_DEFAULTDEV=<device>: controls default route (optional) # IPV6_DEFAULTGW=<address>: controls default route (optional)

But that's the Red Hat configuration script approach at boot/init. What is _actually_ enabling/disabling it?

On Sun, 2005-09-04 at 13:24 +0200, Maciej Żenczykowski wrote:

That's what I was thinking of... I haven't tested this in a while (and don't feel like rebooting to test it now), but last time I set NETWORKING_IPV6=no resulted in IPV6 initialization not being performed, _BUT_ enough IPV6 initialization was done (possibly due to module autoloading?) to result in the ipv6 module loading (and that's enough for later programs to do pointless (in a non-IPV6 environment) IPv6 queries/connects/sockets etc.)

Again, still Red Hat approach at boot/init. What is the "common denominator"?

I did a trace from the scripts ...

/etc/sysconfig/network is used by /etc/init.d/network, which calls /etc/sysconfig/network-scripts/init.ipv6-global, which sources /etc/sysconfig/network-scripts/network-functions-ipv6

The init.ipv6.global script basically tests for IPv6 support in the kernel by looking for the existance of /proc/net/if_inet6.

And then it starts looking at the interfaces by running "sysctl -a" and searching for the prefix "net.ipv6.conf." and -- bam! -- there it is, net.ipv6.conf.eth0, etc... There is even a set of IPv6 defaults for interfaces in net.ipv6.conf.default (or even .all for all interfaces). You can use "sysctl -w" to write a value, or "echo >" into the /proc filesystem (/proc/sys/net...).

Now that helps you on startup. You set the defaults on interfaces to not configure autoconf (LINKLOCAL fe80::/64 subnet) address IIRC.

But still, the easiest way to remove IPv6 directly is to use ifconfig. E.g., the LINKLOCAL (fe80::/64 subnet) on my interfaces is: ifconfig eth0 del fe80::201:6cff:fead:f11b/64

And sure enough, the interface doesn't even show up in sysctl anymore. Which makes me wonder if there is a way to disable all IPv6 setup.

Otherwise, here is the homepage for the initscripts-ipv6 scripts: http://www.deepspace6.net/projects/initscripts-ipv6.html

Which makes me wonder if there is a way to disable all IPv6 setup.

That's why my solution removes the kernel modules responsible for ipv6 - either by physically renaming/deleting the kernel module from the disk drive (simplest, but doesn't hold over kernel change, and I wouldn't recommend it) or by disabling the ipv6 modules in /etc/modules.conf or /etc/modprobe.conf (can't remember which is the correct file for 2.6, probably modprobe).

If you don't allow the module to load then obviously the kernel is not-ipv6 enabled and nothing else will work (all scripts/programs and the like determine they're running in a non-ipv6 environment and gracefully fail or go back to default ipv4).

Cheers, MaZe.

On Sun, 2005-09-04 at 03:56 +0200, Maciej Żenczykowski wrote:

are you saying the above is wrong?

No, no, I was making an OT comment (sorry I forgot to tag it as such).

In a nutshell, I got "beat up" for suggesting that we start testing people on ultra-simple IPv6 knowledge for the LPI 2007+ exam developments. Everyone said no one is deploying IPv6.

Not only have I been involved with such companies that have IPv6, but _many_ distros are now shipping IPv6 turned on. So I said it's extremely "real world" to just know how to disable IPv6.

[I know there's an /etc/sysconfig/somethingorother file which contains networking settings for IPV6 but I've never managed to get those to actually work]

Actually, I was just thinking "ifconfig" or another "distro universal" approach.

For those on "lpi-examdev", I posted some "real-world" questions on IPv6 mid last month.