From: Jerry Vonau <jvonau@shaw.ca>
To: netfilter@vger.kernel.org
Subject: Re: Why does ipv6 addresses appear when loading a module?
Date: Sun, 11 Nov 2007 15:42:29 -0600 [thread overview]
Message-ID: <47377745.2090702@shaw.ca> (raw)
In-Reply-To: <4736E313.70804@treenet.co.nz>
Amos Jeffries wrote:
> Jerry Vonau wrote:
>> Hi All:
>>
>> I'm not subscribed to the list, please cc me on any replies please.
>>
>> While playing around with the latest fedora, think I found an issue with
>> a netfilter module. I run my boxes with ip6 disabled, you know, don't
>> run what is not needed. I couldn't figure out why I was seeing ipv6
>> addresses on my interfaces, and ipv6 module was loaded when I know that
>> I disabled ipv6 in modprobe.conf and sysconfig/network. For my netfilter
>> needs I use shorewall, which loads the module nf_nat_h323, which loads
>> the nf_conntrack_h323 module, and that loads ipv6! Once ipv6 is loaded,
>> you can't rmmod it and ipv6 addresses are assigned to the interfaces.
>> I've disabled the loading of those modules and the ipv6 addresses don't
>> occur. My question is this the intended behavior for this module?
>>
>> Thanks in advance,
>>
>> Jerry
>
> Why are you so resistant to IPv6?
I'm not, just not ready for it yet, I need a better understanding.
>
> Addresses should only start occurring if the network the machine is
> attached to is IPv6-enabled and active. When that happens ::1
> (localhost, actually less dangerous than 127.0.0.1) is assigned, but
> only the IPv6-connected interface gets an actual 2000::/3 public
> allocation to use.
>
Ah, the fe80 that I saw was more or less the same as a zeroconfig
address, and is not really reachable, except for connections on the same
wire. That could still cause a problem for someone.
> You appear to be in the perfect position to make the transition now and
> painlessly. By forcibly disabling it you are making yourself come back a
> a few months and re-enable it all piece-by-piece.
>
I don't think editing 2 files is that much work.
> You would do better to leave it, and just configure the FW through
> ip6tables.
>
Shorewall blocks ipv6, if that option is set.
> Amos
>
That really doesn't explain why a module could override a user/admin's
wish to disable ipv6.
Jerry
prev parent reply other threads:[~2007-11-11 21:42 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-11 7:04 Why does ipv6 addresses appear when loading a module? Jerry Vonau
2007-11-11 11:10 ` Amos Jeffries
2007-11-11 21:42 ` Jerry Vonau [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47377745.2090702@shaw.ca \
--to=jvonau@shaw.ca \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox