X-Original-To: alpine-user@lists.alpinelinux.org
Received: from sdaoden.eu (sdaoden.eu [217.144.132.164])
	by lists.alpinelinux.org (Postfix) with ESMTP id 94FB25C436F
	for <alpine-user@lists.alpinelinux.org>; Mon, 12 Feb 2018 16:54:20 +0000 (GMT)
Received: by sdaoden.eu (Postfix, from userid 1000)
	id BDCFE16045; Mon, 12 Feb 2018 17:54:19 +0100 (CET)
Date: Mon, 12 Feb 2018 17:55:56 +0100
From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: alpine-user@lists.alpinelinux.org
Subject: [alpine-user] net.ipv6.conf.all.disable_ipv6=1 not honoured, need to blacklist ipv6
Message-ID: <20180212165556.35KMD%steffen@sdaoden.eu>
Mail-Followup-To: alpine-user@lists.alpinelinux.org
User-Agent: s-nail v14.9.6-48-gd837577b
OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD;
 url=https://ftp.sdaoden.eu/steffen.asc
BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in
 the world can make no bugs.
X-Mailinglist: alpine-user
Precedence: list
List-Id: Alpine Development <alpine-user.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-user+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-user@lists.alpinelinux.org>
List-Help: <mailto:alpine-user+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-user+subscribe@lists.alpinelinux.org?subject=subscribe>

Hello again.

I have a question reqarding Linux IPv6 configuration.
I want to get rid of IPv6, which is in -vanilla it seems.  I have
a sysctl.conf that contains, among others (maybe excessive)

  net.ipv6.conf.all.disable_ipv6 = 1
  net.ipv6.conf.default.disable_ipv6 = 1
  net.ipv6.conf.lo.disable_ipv6 = 1
  net.ipv6.conf.eth0.disable_ipv6 = 1

and with -grsec/-hardened i saw "sysctl not supported" or so fly
by (that sysctl.conf is shared in between all Linux boxes).
Now with -vanilla that message no longer occurs but the IPv6 stack
becomes activated regardless, and i have to manually

  * [@sdaoden]$ sysctl -w net.ipv6.conf.all.disable_ipv6=1

again after startup is completed.  The new setting is then
however honoured whatever action is performed it seems, regetting
DHCP config and restarting my firewall script traffic-qos.sh
(called via init.d/iptables hack otherwise) do not affect this
setting no more, for example.

I have to add ipv6 to the module blacklist to overcome this
situation, this works just fine, but seems somehow excessive and
as if something would be wrong.
If i do not blacklist ipv6 it will be used by "idp_diag sctp".
Any hint much appreciated.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


---
Unsubscribe:  alpine-user+unsubscribe@lists.alpinelinux.org
Help:         alpine-user+help@lists.alpinelinux.org
---