Description of problem: The installed system runs ipv6 (loads kernel module ipv6 and uses it for networking services) despite having "Disabled" in the IPv6/Prefix portion of the graphical configuration menu for Network Devices. Version-Release number of selected component (if applicable): anaconda-11.3.0.28 How reproducible: always Steps to Reproduce: 1. Boot rescue disk 2. Network install via http 3. Disable IPv6 for installer itself 4. Confirm "Disabled" in IPv6/Prefix section of configuration for Network Devices. Actual results: Installed system loads kernel module ipv6, and networking uses ipv6. The installed system contains no line "blacklist ipv6" in any file in directory /etc/udev/rules.d, which seems to be the prefered mechanism for actually inhibiting the use of ipv6. All kickstart lines for 'network' in /root/anaconda-cfg.ks omit "--nopiv6" which would seem to be required if "Disable IPv6" were to be propagated from the installer to the installed system. Expected results: Installed system does not use ipv6, and kernel module ipv6 is not loaded. Additional info: The observed behavior might quality as a security risk, because a facility that was intended not to be used was not disabled. See also bug # 241667 "--noipv6 option for network is ignored" in RHEL5.
This is as designed. At one point in time, I was writing out the 'blacklist ipv6' line. However, Fedora will now always load the ipv6 module, but not necessarily configure the interface. If you disable IPv6 during installation, the IPv6 stack will not be configured, but the module will still be loaded. This is not something that will change in Fedora, we are going to have the dual stack from now on, but not necessarily configured. If users want to forcibly prevent ipv6.ko from loading, you will have to do that by hand either in a kickstart %post section or manually after installation. There is a push to limit things like 'blacklist ipv6' setting by the installer because that's really something we should never care about and neither should a majority of the users. That's why it was removed. That and wanting to make sure that software works with dual stack IPv4/IPv6 systems.