I have a question reqarding Linux IPv6 configuration.
I want to get rid of IPv6, which is in -vanilla it seems. I have
a sysctl.conf that contains, among others (maybe excessive)
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
and with -grsec/-hardened i saw "sysctl not supported" or so fly
by (that sysctl.conf is shared in between all Linux boxes).
Now with -vanilla that message no longer occurs but the IPv6 stack
becomes activated regardless, and i have to manually
* [_at_sdaoden]$ sysctl -w net.ipv6.conf.all.disable_ipv6=1
again after startup is completed. The new setting is then
however honoured whatever action is performed it seems, regetting
DHCP config and restarting my firewall script traffic-qos.sh
(called via init.d/iptables hack otherwise) do not affect this
setting no more, for example.
I have to add ipv6 to the module blacklist to overcome this
situation, this works just fine, but seems somehow excessive and
as if something would be wrong.
If i do not blacklist ipv6 it will be used by "idp_diag sctp".
Any hint much appreciated.
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
Received on Mon Feb 12 2018 - 17:55:56 UTC