I would like to disable IPv6, and some transport layer protocols, RDS, TIPC etc
However I am unsure of the best practise in doing this. So far I am disabling IPv6 using the sysctl command: sysctl -w net.ipv6.conf.all.disable_ipv6 = 1 sysctl -w net.ipv6.conf.default.disable_ipv6 = 1 Then, making sure it is disabled in perpetuity by editing /etc/sysctl.conf to include the following lines: net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 To disable the transport layer protocols I am editing /etc/modprobe.d/blacklist-rare-network.conf. In the following example I will disable dccp:: install dccp /bin/true This will replace the dccp command with nothing so dccp will not be loaded into the kernel. However, the other entries in this file are not in this format, rather they use 'alias XXX off' format, e.g. rds is 'alias net-pf-21 off'. I cannot see where the mapping between rds and net-pf-21 is, and according to the man pages alias simply gives an alternative name for a module. So I am a little confused. What is the best way to prevent the dccp/rds/tipc etc support being loaded? Do I need to use sysctl to unload the rare TCP modules? And finally do I need to add IPv6 to /etc/modprobe.d/ config directory structure? -- Laurie Mercer _________________________ [email protected]
