Re: Is it possible to completely disable ipv6 in NetBSD 10

[Greg A. Woods]

At Sat, 15 Nov 2025 08:12:17 +0700, Robert Elz <k...@munnari.oz.au> wrote:
Subject: Re: Is it possible to completely disable ipv6 in NetBSD 10
>
>   | should work, shouldn't it ?
>
> No, it shouldn't - the two IFS related lines (first & last)
> were a last minute addition, and a complete brain fade.
>
> Ignore those.

I mostly did ignore them -- I only tested the loop inside the command
substitution because I knew the outer loop worked from my previous tests
with the awk hack.

I wondered what they were for, and I didn't even copy them into my edits
and thought I'd look at them later, but your followup message arrived
before I had the chance.

Below is what I have now, and include some style adjustments to try to
match the rest of the script.

--
                                        Greg A. Woods <gwo...@acm.org>

Kelowna, BC     +1 250 762-7675           RoboHack <wo...@robohack.ca>
Planix, Inc. <wo...@planix.com>     Avoncote Farms <wo...@avoncote.ca>


--- etc/rc.d/network.~1.85.~    2021-03-07 15:43:39.000000000 -0800
+++ etc/rc.d/network    2025-11-15 21:14:54.774400241 -0800
@@ -30,7 +30,7 @@

 have_inet6()
 {
-       /sbin/ifconfig lo0 inet6 >/dev/null 2>&1
+       [ $ip6mode != "off" ] && /sbin/ifconfig lo0 inet6 >/dev/null 2>&1
 }

 network_start()
@@ -43,14 +43,14 @@
        network_start_domainname
        network_start_loopback
        have_inet6 &&
-       network_start_ipv6_route
+           network_start_ipv6_route
        [ "$net_interfaces" != NO ] &&
-       network_start_interfaces
+           network_start_interfaces
        network_start_aliases
        network_start_defaultroute
        network_start_defaultroute6
        have_inet6 &&
-       network_wait_dad
+           network_wait_dad
        network_start_resolv
        network_start_local
 }
@@ -345,6 +345,35 @@
                                ;;
                        esac
                done
+               if [ $ip6mode = "off" ]; then
+                       # disable IPv6 and remove the automatically added inet6
+                       # addresses (specifically the automatically added
+                       # "link-local" address.
+                       #
+                       # Note dhcpcd, if used, should only be used with "-4" in
+                       # this mode in case the server answers with IPv6
+                       # addresses.
+                       #
+                       # This is necessary to prevent the likes of X11 clients
+                       # from trying to use IPv6 to connect to a neighbouring
+                       # server, e.g. when mDNS answers have link-local
+                       # addresses.
+                       #
+                       /usr/sbin/ndp -i $int disabled >/dev/null
+                       for ip6addr in $(/sbin/ifconfig $int |
+                                       while read word arg stuff
+                                       do
+                                               case $word in
+                                               inet6)
+                                                       printf '%s\n' "${arg}"
+                                                       ;;
+                                               esac
+                                       done
+                               )
+                       do
+                               /sbin/ifconfig $int inet6 delete "$ip6addr"
+                       done
+               fi
                configured_interfaces="$configured_interfaces $int"
        done
        echo "."

pgpGdIhiRHGEh.pgp
Description: OpenPGP Digital Signature