From: Jerry Vonau <jvonau@shaw.ca>
To: netfilter@vger.kernel.org
Subject: Re: Why does ipv6 addresses appear when loading a module?
Date: Sun, 11 Nov 2007 15:42:29 -0600 [thread overview]
Message-ID: <47377745.2090702@shaw.ca> (raw)
In-Reply-To: <4736E313.70804@treenet.co.nz>
Amos Jeffries wrote:
> Jerry Vonau wrote:
>> Hi All:
>>
>> I'm not subscribed to the list, please cc me on any replies please.
>>
>> While playing around with the latest fedora, think I found an issue with
>> a netfilter module. I run my boxes with ip6 disabled, you know, don't
>> run what is not needed. I couldn't figure out why I was seeing ipv6
>> addresses on my interfaces, and ipv6 module was loaded when I know that
>> I disabled ipv6 in modprobe.conf and sysconfig/network. For my netfilter
>> needs I use shorewall, which loads the module nf_nat_h323, which loads
>> the nf_conntrack_h323 module, and that loads ipv6! Once ipv6 is loaded,
>> you can't rmmod it and ipv6 addresses are assigned to the interfaces.
>> I've disabled the loading of those modules and the ipv6 addresses don't
>> occur. My question is this the intended behavior for this module?
>>
>> Thanks in advance,
>>
>> Jerry
>
> Why are you so resistant to IPv6?
I'm not, just not ready for it yet, I need a better understanding.
>
> Addresses should only start occurring if the network the machine is
> attached to is IPv6-enabled and active. When that happens ::1
> (localhost, actually less dangerous than 127.0.0.1) is assigned, but
> only the IPv6-connected interface gets an actual 2000::/3 public
> allocation to use.
>
Ah, the fe80 that I saw was more or less the same as a zeroconfig
address, and is not really reachable, except for connections on the same
wire. That could still cause a problem for someone.
> You appear to be in the perfect position to make the transition now and
> painlessly. By forcibly disabling it you are making yourself come back a
> a few months and re-enable it all piece-by-piece.
>
I don't think editing 2 files is that much work.
> You would do better to leave it, and just configure the FW through
> ip6tables.
>
Shorewall blocks ipv6, if that option is set.
> Amos
>
That really doesn't explain why a module could override a user/admin's
wish to disable ipv6.
Jerry
prev parent reply other threads:[~2007-11-11 21:42 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-11 7:04 Why does ipv6 addresses appear when loading a module? Jerry Vonau
2007-11-11 11:10 ` Amos Jeffries
2007-11-11 21:42 ` Jerry Vonau [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47377745.2090702@shaw.ca \
--to=jvonau@shaw.ca \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.