Bug#542470: linux-image-2.6.30-1-686: IPv6 can not be disabled
- To: 542470@bugs.debian.org
- Subject: Bug#542470: linux-image-2.6.30-1-686: IPv6 can not be disabled
- From: Bjørn Mork <bjorn@mork.no>
- Date: Thu, 20 Aug 2009 14:25:58 +0200
- Message-id: <[🔎] 873a7mwu21.fsf@nemi.mork.no>
- Reply-to: Bjørn Mork <bjorn@mork.no>, 542470@bugs.debian.org
- In-reply-to: <20090819193739.4263.40160.reportbug__24907.3085179136$1250713098$gmane$org@gregson.conandoyle.local> (advocatux@gmail.com's message of "Wed, 19 Aug 2009 21:37:39 +0200")
- References: <20090819193739.4263.40160.reportbug__24907.3085179136$1250713098$gmane$org@gregson.conandoyle.local>
advocatux <advocatux@gmail.com> writes:
> IPv6 is enabled by default in kernel 2.6.30 and can't be disabled, at
> least not in an easy way.
Sure there is. Boot with "ipv6.disable=1" on the command line.
kvm-sid:~# dmesg|grep -i ipv6
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-2.6.30-1-amd64 root=UUID=0d3e856e-8f99-4b3e-8d4f-37a65486930b ro console=tty0 console=ttyS0,9600n8 ipv6.disable=1
[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-2.6.30-1-amd64 root=UUID=0d3e856e-8f99-4b3e-8d4f-37a65486930b ro console=tty0 console=ttyS0,9600n8 ipv6.disable=1
[ 0.585652] IPv6: Loaded, but administratively disabled, reboot required to enable
[ 0.588546] Mobile IPv6
kvm-sid:~# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:aa:00:ff:00:fc
inet addr:192.168.3.230 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1406 (1.3 KiB) TX bytes:1190 (1.1 KiB)
> I've tried both echo 1 >/proc/sys/net/ipv6/conf/all/disable_ipv6 and sysctl -w net.ipv6.conf.all.disable_ipv6=1 methods without any success.
>
> I think this bug is related to https://bugs.launchpad.net/bugs/351656 in Ubuntu.
>
> In that report someone says there's a fix from upstream and that's already fixed in 2.6.31 series.
Oh, it went in a while ago. See
http://patchwork.ozlabs.org/patch/27856/
> There'd be a possible security risk in this whole thing.
Yeah, just like having IPv4 enabled by default. Given the number of
attacks, I would say that IPv4 is much more dangerous and should be
disabled immediately by any sane administrator :-)
Bjørn
Reply to: