Red Hat Bugzilla – Bug 375581
a netfilter module re-enables ipv6 when disabled
Last modified: 2007-12-13 20:00:20 EST
Description of problem:
I run my boxes with ip6 disabled, you know, don't
run what is not needed. I couldn't figure out why I was seeing ipv6
addresses on my interfaces, and the ipv6 module was loaded when I know that
I disabled ipv6 in modprobe.conf and sysconfig/network. I disabled the
startup of any services that I start on boot except for the network, and
the ipv6 addresses were gone. Upon starting just shorewall, the
addresses were back: shorewall loads the module nf_nat_h323, which loads the
nf_conntrack_h323 module, and that loads ipv6!
Version-Release number of selected component (if applicable):
Steps to Reproduce:
ipv6 addresses get assigned to the interfaces.
ipv6 stays disabled
I've disabled the loading of nf_nat_h323 and the ipv6 addresses don't appear.
I can reproduce the problem here. nf_conntrack_h323 has a dependency on the ipv6
This is not an iptables userland problem, therefore assigning to kernel.
The missing symbol is: ip6_route_output
There's no clean way to remove the dependency other than to fork the h323 code
into a separate ip6 version, which would be 99% the same (other than that
function) which seems like ridiculous overkill.
There's no quick fix here, so if having ipv6.ko loaded is an issue for you, I'd
suggest to bring it up with the upstream networking developers on
Nothing should override a system configuration option. I think it would be best
if nf_conntrack_h323 couldn't load, if ipv6 was not already loaded. It should
refuse to load if ipv6 is disabled, like in this post:
If all else fails, rename or erase ipv6.ko
FYI Fixed upstream:
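
The chain described in this report (nf_nat_h323 loads nf_conntrack_h323, which loads ipv6) can be audited ahead of time by walking the module dependency file. The script below is an added example, not part of the bug report or of any project named in it; the function names and the sample `modules.dep` content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): list modules whose dependency
# closure in a modules.dep-style file includes a target module.

# Constructed sample data; paths are illustrative, not from a real system.
sample_modules_dep() {
cat <<'EOF'
kernel/net/ipv6/ipv6.ko:
kernel/net/netfilter/nf_conntrack.ko:
kernel/net/netfilter/nf_conntrack_h323.ko: kernel/net/ipv6/ipv6.ko kernel/net/netfilter/nf_conntrack.ko
kernel/net/ipv4/netfilter/nf_nat.ko: kernel/net/netfilter/nf_conntrack.ko
kernel/net/ipv4/netfilter/nf_nat_h323.ko: kernel/net/netfilter/nf_conntrack_h323.ko kernel/net/ipv4/netfilter/nf_nat.ko
EOF
}

# modules_pulling_in TARGET [DEPFILE]   (reads stdin when DEPFILE is omitted)
modules_pulling_in() {
    awk -v target="$1" '
    function name(p) {                 # file path -> module name
        sub(/.*\//, "", p)
        sub(/\.ko(\.(gz|xz|bz2|zst))?$/, "", p)
        gsub(/-/, "_", p)
        return p
    }
    function reaches(m, seen,    a, n, k) {   # depth-first walk, cycle-safe
        if (m == target) return 1
        if ((m in seen) || !(m in deps)) return 0
        seen[m] = 1
        n = split(deps[m], a, " ")
        for (k = 1; k <= n; k++) if (reaches(a[k], seen)) return 1
        return 0
    }
    {
        i = index($0, ":")
        if (i == 0) next
        mod = name(substr($0, 1, i - 1))
        cnt = split(substr($0, i + 1), d, " ")
        deps[mod] = ""
        for (j = 1; j <= cnt; j++) deps[mod] = deps[mod] " " name(d[j])
    }
    END {
        for (m in deps) {
            split("", seen)            # reset the visited set
            if (m != target && reaches(m, seen)) print m
        }
    }' "${2:--}" | LC_ALL=C sort
}

sample_modules_dep | modules_pulling_in ipv6
```

On a live system, pass `/lib/modules/$(uname -r)/modules.dep` as the second argument; any module it prints will load ipv6 as a side effect when a service such as a firewall script loads it.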