Frantisek Hanzlik wrote:
Reindl Harald wrote:
Am 08.04.2012 14:07, schrieb Frantisek Hanzlik:
Networking code has especial position, as bugs / problems /
misconfigurations in it have strong impact to machine security.
And I simply do not want do any ip6tables and other ipv6
security configuration - because I do not want use ipv6
_entirely_
so disable it
what is your exactly problem?
i maintain 20 public fedora machines and no
single one has any ipv6 configuration becuase
i disabled it as explained - why can you do
not the same?
2) something (NetworkManager or other malware;) can easily activate it.
who told you so?
how can NetworkManager override a KERNEL parameter?
Have I after each update supervise whether NM or other stuff
made some unwanted changes - maybe even on kernel commandline?
And after each reboot again? No, I don´t want it.
boah you have to disable it once for years as you
gad to disable the odule all the years before
NM is not in the position to overrdie kernel-parameters
kernel-parameters are not changed by updates
so again: what is your problem?
in times where it was a loadable module it was the same
you had to make sure to disable it AND it was loaded
most of the time
even if I wipe it from disk most services was able reconstruct
it and load again ;)
so and what is the difference now?
the stack is disabled entirely and the memory footprint may
be the same as unloaded module and code paths on different
places which has to check this
Here I eventually agree with You
hm you agree about memory fooprint
you can disable ipv6 entirely
so again: what is your problem?
Yeah, finitely we are back at my beginning question, fine.
Maybe $SUBJECT is incomprehensible, my English is poor.
I was asked for any reason(s) why now is ipv6 compiled in
kernel instead of previous (several months ago) state when
it was kernel module, for years.
For the present I cannot see any good arguments or references.
I can't see any reason to beat this topic further, it's the default because the
developers believe it is most useful to the majority of users. You can build
your kernel with as many things added or removed as you please and add patches
as you find are needed.
You understand how to solve what seems a trouble for you, you have the answer
"it's more generally useful" and you are entitled to your opinion but it's not
done by vote. So I guess you live with it or fix it on your machines. I fix
things, many people do, I don't think any deiscussion here is likely to be more
useful to you.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
