Bug 198045 - NETWORKING_IPV6 cannot disable IPv6
NETWORKING_IPV6 cannot disable IPv6
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: initscripts (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Brock Organ
:
: 125587 134471 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-07-08 10:39 EDT by Vladimir Kotal
Modified: 2014-03-16 23:00 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-14 20:48:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
silly modprobe rules (158 bytes, text/plain)
2007-01-17 14:41 EST, Bill Nottingham
no flags Details

  None (edit)
Description Vladimir Kotal 2006-07-08 10:39:17 EDT
Description of problem:
NETWORKING_IPV6 is not able to disable IPv6

Version-Release number of selected component (if applicable):
initscripts-8.31.1-1

[techie@erazim ~]$ uname -a
Linux erazim.local.lab.devnull.cz 2.6.17-1.2139_FC5 #1 Fri Jun 23 12:40:16 EDT
2006 i686 athlon i386 GNU/Linux

How reproducible:
add following lines to /etc/sysconfig/network:

NETWORKING_IPV6=no
IPV6INIT=no

and reboot

Steps to Reproduce:
1. try to disable IPv6 via /etc/sysconfig/network
2. reboot
  
Actual results:
IPv6 addresses are still assigned to Ethernet interfaces (via IPv6
autoconfiguration)

Expected results:
IPv6 should be disabled after reboot if /etc/sysconfig/network says so.

Additional info:
As a workaround IPv6 can be disabled by putting following lines into
/etc/modprobe.conf:

alias net-pf-10 off
alias ipv6 off

Without those lines in /etc/modprobe.conf NETWORKING_IPV6=no in
/etc/sysconfig/network has no effect on the system (after reboot).
Comment 1 Bill Nottingham 2006-07-10 16:07:41 EDT
*** Bug 134471 has been marked as a duplicate of this bug. ***
Comment 2 Bill Nottingham 2006-07-10 16:07:57 EDT
*** Bug 125587 has been marked as a duplicate of this bug. ***
Comment 3 Bill Nottingham 2006-07-10 16:11:41 EDT
I wonder if it's simpler to deprecate NETWORKING_IPV6=no; I'm not sure that
dynamically modifying the module config at runtime is the right answer.
Comment 4 Miloslav Trmač 2006-07-10 16:40:00 EDT
*** Bug 134471 has been marked as a duplicate of this bug. ***
Comment 5 Vladimir Kotal 2006-07-10 16:42:41 EDT
And what about keeping NETWORKING_IPV6=no; and make it add ipv6 disable entries
to be added to /etc/modprobe.conf upon boot ?
Comment 6 Bill Nottingham 2006-07-10 17:05:18 EDT
Please re-read comment #3. :)
Comment 7 Bill Nottingham 2006-07-11 12:28:34 EDT
*** Bug 125587 has been marked as a duplicate of this bug. ***
Comment 8 Olivier Benghozi 2006-07-11 17:12:30 EDT
When ntps loads, it creates a PF_INET6 socket. At this time, ipv6 module is
automatically loaded unless /etc/modules.conf contains net-pf-10 off.
NETWORKING_IPV6=no is not concerned since it doesn't impact the kernel & modules
behavior.
Maybe Anaconda installer should ask if ipv6 has to be enabled in order to remove
a new by-default net-pf-10 off.
Or maybe NETWORKING_IPV6=no should makes rc.sysinit to add a net-pf-10 off if
it's not already present in modules.conf, and its absence or =yes do the contrary.
Comment 9 Thomas Antony 2006-07-11 17:41:41 EDT
I think this should handle rc.sysinit
When NETWORKING_IPV6=no is found in /etc/sysconfig/network, then rc.sysinit
should  create or modify a file like /etc/modprobe.d/ipv6 with the content alias
net-pf-10 off and alias ipv6 off
Comment 10 Bill Nottingham 2006-07-12 00:04:03 EDT
... and if your entire root FS is readonly? 

This should be something configured at the same time as NETWOKRING_IPV6, IMO.
Comment 11 Trevor Cordes 2006-10-29 18:34:02 EST
Can someone tell me why after adding:
to /etc/modprobe.conf:
alias net-pf-10 off
alias ipv6 off
to /etc/sysconfig/network:
NETWORKING_IPV6=no

and reboot, ipv6 is still being loaded?  lsmod shows ipv6.  Named barfs all the
time on AAAA records (and causes "host" to output SERVFAILs).

How can I definitively disable ipv6?  Each rev of the OS this gets harder and
harder to do...
Comment 12 Trevor Cordes 2006-10-29 18:43:52 EST
Ignore my last post comment #11, my dunce cap was still on.  Looks like the box
I was testing is ignoring reboot -f commands and so I thought it was rebooted
but it wasn't!  Another box I tested shows that the above solution does indeed
work.  Now to solve why a box ignores reboot -f!!
Comment 13 Bill Nottingham 2007-01-17 14:41:54 EST
Created attachment 145855 [details]
silly modprobe rules

Try the attached - it's rather inefficient in that it has modprobe reading
shell config files, but it should work.
Comment 14 Olivier Benghozi 2007-01-20 12:22:11 EST
(In reply to comment #13)
These modprobes rules work here.
Comment 15 Bill Nottingham 2007-04-16 18:56:19 EDT
OK. This may be in a future FC6 update, however, this is not going in future
releases. as sourcing a config file every time the ipv6 module is attempted to
be loaded is rather inefficient.
Comment 16 Ken Tanzer 2007-06-14 18:46:36 EDT
Can I ask what the current status of this bug is?  We've got an FC7 machine with
this same issue.  Also, are the modprobe lines mentioned in the opening comment
still the preferred workaround?  Thanks.
Comment 17 Bill Nottingham 2007-06-14 20:48:04 EDT
If you want to unilaterally disable it, you want:

install ipv6 /bin/true

in /etc/modprobe.d/<whatever>

If you want it to read NETWORKING_IPV6, something like comment #13 could work.
However, that's so inefficient for the common case that it's not really
practical for large scale deployment.

As this config option no longer exists in Fedora 7, closing.
Comment 18 IgnitedMind 2013-04-05 06:05:33 EDT
1. I had already made following entries in ifcfg-eth0 :
IPv6INIT=NO
IPV6AUTOCONF=NO
2. Following entries were made in /etc/modprob.conf” :
alias net-pf-10 off
alias ipv6 off
3. These entries in /etc/sysconfig/network :
IPV6INIT=NO
NETWORKING_IPV6=NO
4. This line is added to /etc/modprobe.d/blaclist :
blacklist ipv6
5. Also I did one more in /etc/sysctl.conf :
6. `net.ipv6.conf.all.autoconf = 0`
7. `net.ipv6.conf.accept_ra = 0`

Still I am unable to disable IPV6 on linux, any thought please
Comment 19 Trevor Cordes 2013-09-29 04:59:39 EDT
(In reply to IgnitedMind from comment #18)
> Still I am unable to disable IPV6 on linux, any thought please

It's not worth fighting any more.  Just give in to the dark side and allow IPv6.  The main reasons for disabling it (many daemons buggy) are mostly gone now.

What I do is leave it alone, do it the "Fedora way", and block all I/O on 6 with ip6tables:

$ip6tables -P INPUT	DROP
$ip6tables -P FORWARD	DROP
$ip6tables -P OUTPUT	DROP
$ip6tables -A INPUT  -i lo -j ACCEPT
$ip6tables -A OUTPUT -o lo -j ACCEPT

That way it will stay until ISPs start giving us working 6 addresses.  I think hell will freeze over before that happens.

Note You need to log in before you can comment on or make changes to this bug.