On Wed, May 06, 2015 at 01:28:30PM +0200, Rik Theys wrote: > Hi, > > I'm looking for a way to selectively disable IPv6 on the bridge interfaces > on the oVirt hosts. > > When oVirt creates the bridges for all logical networks on the host, it > keeps the default settings for IPv6 which means all bridges get a link-local > address and accept router advertisements. > > When a VM is created on the logical network, it can now reach the host over > IPv6 (but not over IPv4 if no IP address has been assigned on the host). If > it sends out a router advertisement it can even create a global IPv6 address > (haven't tested this). > > How can I prevent this? > > I would like to prevent the guest from IPv6 access to the host but the guest > itself still needs IPv6 access (global IPv6 addresses). > > Is it sufficient to create a sysctl config file that says: > > net.ipv6.conf.default.disable_ipv6 = 1
Yes, I believe that this would do the trick. For any newly-created device on the system, regardless of ovirt bridges. I now see that el7 has changed the default for IPV6INIT to "yes". We should be more prudent and set IPV6INIT=no on all our devices. Would you open a bug about this, so it is tracked? Regards, Dan. > > ? > > Regards, > > Rik > > > -- > Rik Theys > System Engineer > KU Leuven - Dept. Elektrotechniek (ESAT) > Kasteelpark Arenberg 10 bus 2440 - B-3001 Leuven-Heverlee > +32(0)16/32.11.07 > ---------------------------------------------------------------- > <<Any errors in spelling, tact or fact are transmission errors>> > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
