Why does ipv6 addresses appear when loading a module?

All of lore.kernel.org
 help / color / mirror / Atom feed

* Why does ipv6 addresses appear when loading a module?
@ 2007-11-11  7:04 Jerry Vonau
  2007-11-11 11:10 ` Amos Jeffries
  0 siblings, 1 reply; 3+ messages in thread
From: Jerry Vonau @ 2007-11-11  7:04 UTC (permalink / raw)
  To: netfilter

Hi All:

I'm not subscribed to the list, please cc me on any replies please.

While playing around with the latest fedora, think I found an issue with
a netfilter module. I run my boxes with ip6 disabled, you know, don't
run what is not needed. I couldn't figure out why I was seeing ipv6
addresses on my interfaces, and ipv6 module was loaded when I know that
I disabled ipv6 in modprobe.conf and sysconfig/network. For my netfilter
needs I use shorewall, which loads the module nf_nat_h323, which loads
the nf_conntrack_h323 module, and that loads ipv6! Once ipv6 is loaded,
you can't rmmod it and ipv6 addresses are assigned to the interfaces.
I've disabled the loading of those modules and the ipv6 addresses don't
occur. My question is this the intended behavior for this module?

Thanks in advance,

Jerry

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Why does ipv6 addresses appear when loading a module?
  2007-11-11  7:04 Why does ipv6 addresses appear when loading a module? Jerry Vonau
@ 2007-11-11 11:10 ` Amos Jeffries
  2007-11-11 21:42   ` Jerry Vonau
  0 siblings, 1 reply; 3+ messages in thread
From: Amos Jeffries @ 2007-11-11 11:10 UTC (permalink / raw)
  To: Jerry Vonau; +Cc: netfilter

Jerry Vonau wrote:
> Hi All:
> 
> I'm not subscribed to the list, please cc me on any replies please.
> 
> While playing around with the latest fedora, think I found an issue with
> a netfilter module. I run my boxes with ip6 disabled, you know, don't
> run what is not needed. I couldn't figure out why I was seeing ipv6
> addresses on my interfaces, and ipv6 module was loaded when I know that
> I disabled ipv6 in modprobe.conf and sysconfig/network. For my netfilter
> needs I use shorewall, which loads the module nf_nat_h323, which loads
> the nf_conntrack_h323 module, and that loads ipv6! Once ipv6 is loaded,
> you can't rmmod it and ipv6 addresses are assigned to the interfaces.
> I've disabled the loading of those modules and the ipv6 addresses don't
> occur. My question is this the intended behavior for this module?
> 
> Thanks in advance,
> 
> Jerry

Why are you so resistant to IPv6?

Addresses should only start occurring if the network the machine is 
attached to is IPv6-enabled and active. When that happens ::1 
(localhost, actually less dangerous than 127.0.0.1) is assigned, but 
only the IPv6-connected interface gets an actual 2000::/3 public 
allocation to use.

You appear to be in the perfect position to make the transition now and 
painlessly. By forcibly disabling it you are making yourself come back a 
a few months and re-enable it all piece-by-piece.

You would do better to leave it, and just configure the FW through 
ip6tables.

Amos

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Why does ipv6 addresses appear when loading a module?
  2007-11-11 11:10 ` Amos Jeffries
@ 2007-11-11 21:42   ` Jerry Vonau
  0 siblings, 0 replies; 3+ messages in thread
From: Jerry Vonau @ 2007-11-11 21:42 UTC (permalink / raw)
  To: netfilter

Amos Jeffries wrote:
> Jerry Vonau wrote:
>> Hi All:
>>
>> I'm not subscribed to the list, please cc me on any replies please.
>>
>> While playing around with the latest fedora, think I found an issue with
>> a netfilter module. I run my boxes with ip6 disabled, you know, don't
>> run what is not needed. I couldn't figure out why I was seeing ipv6
>> addresses on my interfaces, and ipv6 module was loaded when I know that
>> I disabled ipv6 in modprobe.conf and sysconfig/network. For my netfilter
>> needs I use shorewall, which loads the module nf_nat_h323, which loads
>> the nf_conntrack_h323 module, and that loads ipv6! Once ipv6 is loaded,
>> you can't rmmod it and ipv6 addresses are assigned to the interfaces.
>> I've disabled the loading of those modules and the ipv6 addresses don't
>> occur. My question is this the intended behavior for this module?
>>
>> Thanks in advance,
>>
>> Jerry
> 
> Why are you so resistant to IPv6?

I'm not, just not ready for it yet, I need a better understanding.
> 
> Addresses should only start occurring if the network the machine is
> attached to is IPv6-enabled and active. When that happens ::1
> (localhost, actually less dangerous than 127.0.0.1) is assigned, but
> only the IPv6-connected interface gets an actual 2000::/3 public
> allocation to use.
> 
Ah, the fe80 that I saw was more or less the same as a zeroconfig
address, and is not really reachable, except for connections on the same
 wire. That could still cause a problem for someone.

> You appear to be in the perfect position to make the transition now and
> painlessly. By forcibly disabling it you are making yourself come back a
> a few months and re-enable it all piece-by-piece.
> 
I don't think editing 2 files is that much work.

> You would do better to leave it, and just configure the FW through
> ip6tables.
>
Shorewall blocks ipv6, if that option is set.

> Amos
> 
That really doesn't explain why a module could override a user/admin's
wish to disable ipv6.

Jerry

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2007-11-11 21:42 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-11-11  7:04 Why does ipv6 addresses appear when loading a module? Jerry Vonau
2007-11-11 11:10 ` Amos Jeffries
2007-11-11 21:42   ` Jerry Vonau

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.