Updated Branches: refs/heads/master 0829ee164 -> 10e4a5ae4
Disable IPv6 in XenServer if it is enabled. The cloud support pack apparently enables IPv6 support at the moment, but wihtout proper security. Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/10e4a5ae Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/10e4a5ae Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/10e4a5ae Branch: refs/heads/master Commit: 10e4a5ae4847ec7052d620b96f3fcd2263207c8e Parents: 0829ee1 Author: Hugo Trippaers <[email protected]> Authored: Mon Jul 30 17:26:33 2012 +0200 Committer: Hugo Trippaers <[email protected]> Committed: Mon Jul 30 17:36:29 2012 +0200 ---------------------------------------------------------------------- scripts/vm/hypervisor/xenserver/setupxenserver.sh | 14 ++++++++++++++ 1 files changed, 14 insertions(+), 0 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/10e4a5ae/scripts/vm/hypervisor/xenserver/setupxenserver.sh ----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/xenserver/setupxenserver.sh b/scripts/vm/hypervisor/xenserver/setupxenserver.sh
index d3ade09..57456b3 100755
--- a/scripts/vm/hypervisor/xenserver/setupxenserver.sh
+++ b/scripts/vm/hypervisor/xenserver/setupxenserver.sh
@@ -23,6 +23,20 @@ usage() {
 }
+if [ ! -f "/etc/modprobe.d/disable-ipv6" ] ; then
+ # disable IPv6 until reboot
+ if [ -d "/proc/sys/net/ipv6/conf/all" ] ; then
+ /sbin/sysctl -w net.ipv6.conf.all.forwarding=0
+ /sbin/sysctl -w net.ipv6.conf.all.accept_ra=0
+ /sbin/sysctl -w net.ipv6.conf.all.accept_redirects=0
+ /sbin/sysctl -w net.ipv6.conf.all.autoconf=0
+ /sbin/sysctl -w net.ipv6.conf.all.disable_ipv6=1
+ fi
+
+ # reinstate the disable-ipv6 file
+ echo "alias ipv6 no" > /etc/modprobe.d/disable-ipv6
+ echo "alias net-pf-10 off" >> /etc/modprobe.d/disable-ipv6
+fi
 #removing iptables entry for vnc ports
 iptables -D RH-Firewall-1-INPUT -p tcp -m tcp --dport 5900:6099 -j ACCEPT 2>&1
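Review bot: The runtime step inside `if [ -d "/proc/sys/net/ipv6/conf/all" ]` writes only the `net.ipv6.conf.all.*` keys, so interfaces created before the next reboot (a hypervisor keeps adding guest VIFs and bridges) take their settings from `net.ipv6.conf.default.*`, which the change leaves untouched. Whether `all.disable_ipv6` also reaches them depends on the kernel version, so I would add `/sbin/sysctl -w net.ipv6.conf.default.disable_ipv6=1` next to the `all` line. None of the sysctl or echo results are checked, so a failed write leaves IPv6 up, presumably still without IPv6 filtering (the only firewall line visible here is IPv4 `iptables`), while the script carries on silently; appending `|| echo "failed to disable IPv6" >&2` to the `disable_ipv6` writes would make that visible. The outer guard keys on the presence of `/etc/modprobe.d/disable-ipv6` rather than on kernel state, so a host where the file exists but the ipv6 module is loaded anyway skips the runtime step; testing `/proc/sys/net/ipv6/conf/all/disable_ipv6` would cover that case. The rest of the script continues outside this hunk.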
