Hi,
On 12 June 2013 15:18, Trent W. Buck <[email protected]> wrote:
> John Mann <[email protected]> writes:
>
> > I would control traffic by giving ppp0, ip6test, and lo interfaces
> > IPv6 addresses, and not giving IPv6 addresses to the interfaces you do
> > not want to send/receive IPv6 traffic.
>
> IME if you enable IPv6 in the kernel, EVERY up interface will have an
> IPv6 address (the link-local one, I suppose).

What happens with interfaces depends upon how they are configured, Debian v. Red Hat etc. etc.

I just checked on Ubuntu 12.10
---
$ sysctl -a | grep ipv6.*disable
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth1.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0

$ sysctl net.ipv6.conf.eth1.disable_ipv6=1

deleted all IPv6 addresses from eth1, including the link-local addresses.

> > Also, without IPv6 enabled, it won't receive IPv6 packets on those
> > interfaces.
>
> Are you asserting that if IPv6 is enabled in-kernel, but an interface
> has no IPv6 address, IPv6 traffic arriving on that interface will be
> dropped on the floor?  What about broadcast traffic?

I am asserting that without IPv6 enabled, any IPv6 packets won't be passed up to the networking stack.

But, I'm a networking guy, and my priority is to enable things wherever I can, rather than a security guy, whose priority is to block everything that isn't essential.

John
_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
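
Added example, not part of the original message: a small audit of the per-interface disable_ipv6 sysctls discussed above, reporting every interface that still has IPv6 enabled but is not on an allow-list. The function name ipv6_unexpected, the sample listing and the VLAN interface eth0.100 are assumptions made for illustration.

```shell
#!/bin/sh
# Reads `sysctl -a` style lines on stdin, e.g.
#   net.ipv6.conf.eth1.disable_ipv6 = 0
# Arguments: interfaces that are meant to carry IPv6.
# Prints one interface per line that has IPv6 enabled but is not allowed.
ipv6_unexpected() {
    allowed=" $* "
    while IFS= read -r line; do
        # Only the per-interface disable_ipv6 keys are of interest.
        case $line in
            net.ipv6.conf.*.disable_ipv6*=*) ;;
            *) continue ;;
        esac
        # Split "key = value" and drop the padding around "=".
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        val=$(printf '%s' "${line#*=}" | tr -d ' \t')
        ifname=${key#net.ipv6.conf.}
        ifname=${ifname%.disable_ipv6}
        # sysctl shows a dot inside an interface name (eth0.100) as a slash.
        ifname=$(printf '%s' "$ifname" | tr '/' '.')
        # "all" and "default" are kernel pseudo-entries, not interfaces.
        case $ifname in all|default) continue ;; esac
        # disable_ipv6 = 0 means IPv6 is enabled on that interface.
        [ "$val" = 0 ] || continue
        case $allowed in
            *" $ifname "*) ;;
            *) printf '%s\n' "$ifname" ;;
        esac
    done
}

# Constructed sample: the Ubuntu 12.10 listing after eth1 was disabled,
# plus a hypothetical VLAN interface and an unrelated key.
sample='net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.eth1.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.eth0/100.disable_ipv6 = 0
net.ipv4.ip_forward = 1'

# Allow-list taken from the message: ppp0, ip6test and lo.
printf '%s\n' "$sample" | ipv6_unexpected ppp0 ip6test lo
```

On a live host the same check is `sysctl -a 2>/dev/null | ipv6_unexpected ppp0 ip6test lo`; empty output means no interface outside the allow-list has IPv6 enabled.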
