On Mon, Jul 15, 2013 at 04:55:24PM +0200, Reindl Harald wrote: > > > Am 15.07.2013 16:44, schrieb Michal Schmidt: > > On 07/13/2013 01:44 AM, Reindl Harald wrote: > >> please take a look at this > >> https://bugzilla.redhat.com/show_bug.cgi?id=982740#c12 > >> > >> what do we do in the future to disable ipv6 entirely > >> and why is "ipv6.disable=1" as kernel param at least > >> with 3.10.0-1.fc20.x86_64 on F19? > > > > Back in 2011 the preferred kernel parameter to do that was "ipv6.disable_ipv6=1": > > https://lists.fedoraproject.org/pipermail/kernel/2011-June/003106.html > > I assume it's still true today. > > > > "ipv6.disable=1" should still work though. I still see it handled net/ipv6/af_inet6.c. > > > > In the linked Bugzilla comment you mentioned "ipv6disable=1" (without a dot). Did this ever work? I think it's a typo > > thanks for your feedback, yes this was a typo > > however, i removed it over the weekend and disabled ipv6 with sysctl > software like ntpd, smbd still insists in listening on ipv6 sockets > and the maintainers of the packages says this inconsistent behavior > is fine > _______________________________________________________ > > udp 0 0 *:ntp *:* > udp6 0 0 [::]:ntp [::]:* > > tcp6 0 0 :::139 :::* LISTEN 3079/smbd > tcp6 0 0 :::445 :::* LISTEN 3079/smbd > _______________________________________________________ > > /etc/sysctl.conf > > net.ipv6.conf.all.disable_ipv6=1 > net.ipv6.conf.all.accept_redirects=0 > net.ipv6.conf.all.accept_source_route=0 > net.ipv6.conf.default.disable_ipv6=1 > net.ipv6.conf.default.accept_redirects=0 > net.ipv6.conf.default.accept_source_route=0 > You're configuration indicates all interfaces should not send/recieve/forward ipv6 traffic. That in no way indicates that applications can't create ipv6 sockets, its just that those sockets will never receive data, and any data transmitted on them will be dropped. If you really don't want to see ipv6 sockets, you need to use the ipv6.disable kernel command line option. Note however, that doing so will prevent the registration of the PF_INET6 address family, meaning that any application call to socket(PF_INET6,...) will fail with an EAFNOTSUPPORT errno return. That could cause lots of applications to get confused or otherwise misbehave, which is why most people don't use it, opting instead for the more sane options that you have above. Neil > _______________________________________________ > kernel mailing list > kernel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/kernel _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel