I'd like to note two things to this bug: 1) moving sysctl invocation later might open some subtile problems. For example moving things like net.ipv4.conf.all.accept_redirects = 0 after network initialisation might open up a window for attacks. Or some of the arp related stuff, that might break in more complex settings when in the short time the wrong packages are received.
2) ipv6 is not the only thing that needs the module loaded first. For example when doing an nfs4 mount, you might need to set the tcp callback port. But you need to set it before mounting (as otherwise the mount will not use it, and perhaps even fail due to some firewalls) but usually the nfs module is only loaded in the init.d script also doing the mount, so /proc/sys/fs/nfs/nfs_callback_tcpport does not exist before, so currently you have to add nfs to /etc/modules and so you can set that value in sysctl.conf, so you get a working mount despite of the over-zealous firewalls. While the best solution would of course some meachnism to load the appropiate modules for a needed file, the lack of some usable catalog for that most likely will not make that very scaleable. Another way would be to just add an additional construct so that with something like !modprobe nfs or !modprobe ipv6 in sysctl config files will modprobe the appropiate module before continuing. Of course for the ipv6 problems this bugreport is about, adding a comment that the ipv6 module is to be listed in /etc/modules might also be considered a "fix" in some way. Hochachtungsvoll, Bernhard R. Link -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]