I'd like to note two things about this bug:

1) moving sysctl invocation later might open some subtle problems.
For example moving things like net.ipv4.conf.all.accept_redirects = 0
after network initialisation might open up a window for attacks.
Or some of the arp related stuff, that might break in more complex
settings when in the short time the wrong packages are received.

2) ipv6 is not the only thing that needs the module loaded first.
For example when doing an nfs4 mount, you might need to set the
tcp callback port. But you need to set it before mounting (as otherwise
the mount will not use it, and perhaps even fail due to some firewalls)
but usually the nfs module is only loaded in the init.d script also
doing the mount, so /proc/sys/fs/nfs/nfs_callback_tcpport does not exist
before, so currently you have to add nfs to /etc/modules and so you can
set that value in sysctl.conf, so you get a working mount despite the
over-zealous firewalls.

While the best solution would of course be some mechanism to load the
appropriate modules for a needed file, the lack of some usable catalog
for that most likely will not make that very scalable.

Another way would be to just add an additional construct so that with
something like

!modprobe nfs
or
!modprobe ipv6

in sysctl config files will modprobe the appropriate module before
continuing.

Of course for the ipv6 problems this bug report is about, adding a
comment that the ipv6 module is to be listed in /etc/modules might
also be considered a "fix" in some way.

Respectfully,
        Bernhard R. Link
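
Point 2 above describes sysctl.conf settings whose /proc/sys file only appears once a module is loaded. The following is an added example, not part of the original message or of procps, that lists such keys so the matching module can be put in /etc/modules; the function names, the optional root argument and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# missing_sysctl_keys CONF [ROOT]
#   Print every key set in CONF whose file is absent under ROOT
#   (default /proc/sys), i.e. a setting that sysctl cannot apply yet.
#   ROOT is a parameter only so the check can run on a constructed tree.
# Limitation: keys containing an interface name with dots must be written
# with "/" separators for the path mapping below to be correct.
missing_sysctl_keys() {
    conf=$1
    root=${2:-/proc/sys}
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key = value
            *) continue ;;              # anything else is not a setting
        esac
        line=${line#-}                  # "-key" means "ignore errors"
        key=$(printf '%s' "${line%%=*}" | sed 's/[[:space:]]*$//')
        path=$(printf '%s' "$key" | tr '.' '/')
        [ -e "$root/$path" ] || printf '%s\n' "$key"
    done < "$conf"
}

# Constructed demonstration: a fake /proc/sys where the nfs module is "not
# loaded", so only the net.ipv4 entry exists. Port 4005 is a made-up value.
demo_constructed() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sys/net/ipv4/conf/all"
    : > "$tmp/sys/net/ipv4/conf/all/accept_redirects"
    cat > "$tmp/sysctl.conf" <<'EOF'
# constructed sample, not a real configuration
net.ipv4.conf.all.accept_redirects = 0
fs.nfs.nfs_callback_tcpport = 4005
EOF
    missing_sysctl_keys "$tmp/sysctl.conf" "$tmp/sys"
    rm -rf "$tmp"
}
```

Running `missing_sysctl_keys /etc/sysctl.conf` at the point in the boot sequence where sysctl is invoked shows which settings would be skipped there.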


