On Wed, Mar 28, 2007 at 04:41:20PM -0700, John Brahy wrote:
> So if I use GENERIC and then disable ipv6 is that a safe thing to do? In
> light of the recent security issue and since I don't use ipv6 I thought it
> would make the system more secure, but I definitely don't want to make it
> unstable. 

OK, so you seem sincere. Here's the scoop as I see it.

If you change the config yourself, everything will probably work fine
but people will be *much* less likely to be interested in helping you.
There are enough architectures and possible issues without worrying
about custom kernels.

Now, in truth, you can switch things off (or on) in the config and it
will (of course) run just fine and NOT be unstable. But if you have some
problems, it's very, very good to have a stock GENERIC and/or GENERIC.MP
lying around to reproduce it with. If you can reproduce a problem with
GENERIC, then you're more likely to get help.

I have a kernel with custom stuff enabled on a production machine. If I
ran into problems, the very first thing I'd do is reboot with the stock
kernel. Note also, that I've *added* things. I've never found a reason
to disable things, though that does sometimes happen.

Not to repeat myself endlessly, but... keep a stock kernel lying around
to boot from if you need it.

Now, in your particular case... there's no need to disable IPv6 in the
kernel. As has been mentioned already, the kernel has been patched, and
"block in inet6" in /etc/pf.conf works fine. I recommend you apply the
patches (or follow -stable) AND block any and all stuff you don't need,
always. If you're doing that, then the IPv6 errata turns into "oh, how
interesting" rather than "oh, shit!"

-- 
Darrin Chandler            |  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/      |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation
