Bug#542470: linux-image-2.6.30-1-686: IPv6 can not be disabled

[Bjørn Mork <bjorn@mork.no>]

advocatux <advocatux@gmail.com> writes:

> IPv6 is enabled by default in kernel 2.6.30 and can't be disabled, at
> least not in an easy way.

Sure there is.  Boot with "ipv6.disable=1" on the command line.


kvm-sid:~# dmesg|grep -i ipv6
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-2.6.30-1-amd64 root=UUID=0d3e856e-8f99-4b3e-8d4f-37a65486930b ro console=tty0 console=ttyS0,9600n8 ipv6.disable=1
[    0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-2.6.30-1-amd64 root=UUID=0d3e856e-8f99-4b3e-8d4f-37a65486930b ro console=tty0 console=ttyS0,9600n8 ipv6.disable=1
[    0.585652] IPv6: Loaded, but administratively disabled, reboot required to enable
[    0.588546] Mobile IPv6
kvm-sid:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:aa:00:ff:00:fc  
          inet addr:192.168.3.230  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1406 (1.3 KiB)  TX bytes:1190 (1.1 KiB)



> I've tried both echo 1 >/proc/sys/net/ipv6/conf/all/disable_ipv6 and sysctl -w net.ipv6.conf.all.disable_ipv6=1 methods without any success.
>
> I think this bug is related to https://bugs.launchpad.net/bugs/351656 in Ubuntu.
>
> In that report someone says there's a fix from upstream and that's already fixed in 2.6.31 series.

Oh, it went in a while ago.  See
http://patchwork.ozlabs.org/patch/27856/

> There'd be a possible security risk in this whole thing.

Yeah, just like having IPv4 enabled by default.  Given the number of
attacks, I would say that IPv4 is much more dangerous and should be
disabled immediately by any sane administrator :-)



Bjørn