advocatux <advoca...@gmail.com> writes:
> IPv6 is enabled by default in kernel 2.6.30 and can't be disabled, at
> least not in an easy way.
Sure there is. Boot with "ipv6.disable=1" on the command line.
kvm-sid:~# dmesg|grep -i ipv6
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-2.6.30-1-amd64
root=UUID=0d3e856e-8f99-4b3e-8d4f-37a65486930b ro console=tty0
console=ttyS0,9600n8 ipv6.disable=1
[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-2.6.30-1-amd64
root=UUID=0d3e856e-8f99-4b3e-8d4f-37a65486930b ro console=tty0
console=ttyS0,9600n8 ipv6.disable=1
[ 0.585652] IPv6: Loaded, but administratively disabled, reboot required to
enable
[ 0.588546] Mobile IPv6
kvm-sid:~# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:aa:00:ff:00:fc
inet addr:192.168.3.230 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1406 (1.3 KiB) TX bytes:1190 (1.1 KiB)
> I've tried both echo 1 >/proc/sys/net/ipv6/conf/all/disable_ipv6 and sysctl
> -w net.ipv6.conf.all.disable_ipv6=1 methods without any success.
>
> I think this bug is related to https://bugs.launchpad.net/bugs/351656 in
> Ubuntu.
>
> In that report someone says there's a fix from upstream and that's already
> fixed in 2.6.31 series.
Oh, it went in a while ago. See
http://patchwork.ozlabs.org/patch/27856/
> There'd be a possible security risk in this whole thing.
Yeah, just like having IPv4 enabled by default. Given the number of
attacks, I would say that IPv4 is much more dangerous and should be
disabled immediately by any sane administrator :-)
Bjørn
--
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
