Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 375581 - a netfiter module re-enables ipv6 when disabled
a netfiter module re-enables ipv6 when disabled
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
All Linux
low Severity high
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-11-11 02:08 EST by Jerry Vonau
Modified: 2007-12-13 20:00 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-26 23:06:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jerry Vonau 2007-11-11 02:08:25 EST
Description of problem:
I run my boxes with ip6 disabled, you know, don't
run what is not needed. I couldn't figure out why I was seeing ipv6
addresses on my interfaces, and ipv6 module was loaded when I know that
I disabled ipv6 in modprobe.conf and sysconfig/network. I disabled the
startup on any services that I start on boot except for the network, and
the ipv6 addresses were gone. Upon starting just shorewall, the
addresses were back, shorewall loads the module nf_nat_h323 which loads the
nf_conntrack_h323 module, and that loads ipv6! 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.disable ipv6
2.modprobe nf_nat_h323
Actual results:
ipv6 addresses get assigned to the interfaces.

Expected results:
ipv6 stays disabled

Additional info:
I've disabled the loading of nf_nat_h323 and the ipv6 addresses don't appear.
Comment 1 Thomas Woerner 2007-11-12 05:35:48 EST
I can reproduce the problem here. nf_conntrack_h323 has a dependency on the ipv6

This is not an iptables userland problem, therefore assigning to kernel.
Comment 2 Thomas Woerner 2007-11-12 05:42:31 EST
The missing symbol is: ip6_route_output
Comment 3 Dave Jones 2007-11-26 23:06:19 EST
There's no clean way to remove the dependancy other than to fork the h323 code
into a seperate ip6 version, which would be 99% the same (other than that
function) which seems like ridiculous overkill.

There's no quick fix here, so if having ipv6.ko loaded is an issue for you, I'd
suggest to bring it up with the upstream networking developers on
Comment 4 Jerry Vonau 2007-11-27 13:25:15 EST
Nothing should override a system configuration option. I think it would be best
if nf_conntrack_h323 couldn't load, if ipv6 was not already loaded. It should
refuse to load if ipv6 is disabled, like in this post:

Comment 5 Chuck Ebbert 2007-11-27 14:49:07 EST
If all else fails, rename or erase ipv6.ko
Comment 6 Jerry Vonau 2007-12-13 20:00:20 EST
FYI Fixed upstream:


Note You need to log in before you can comment on or make changes to this bug.