Am 12.07.2013 18:44, schrieb Fernando Lozano: >> [As I changed the subject, let me clear: IPv6 still compiled in the kernel. Just the network interfaces configs >> that should come with IPv6 disabled by default, if the user wants it should be easy to enable] >> exactly *that* is my point >> >> it is ridiculous that i bave a clearly static ipv4 config >> using network.service as well as "ipv6disable=1" as kernel >> param and on a F19 machine with 3.10.0-1.fc20.x86_64 eth0 >> comes up with "inet6 fe80::20c:29ff:fe30:82b9" >> >> this is not a matter of ipv6 security / yes / no / don't know >> it is a matter of if ipv6 would make sense for the network >> and would enable and *properly* configure it but this is >> not the case because the gateway is for sure not ipv6 capable >> >> i do not need to see any ip-address (ipv4 or ipv6) on a >> statically interface which was not explicitly configured > Having a smarter ifconfig / ip tool or ethernet device driver would be a way to implement my proposal. > > But, by the IPv6 RTFs, just having IPv6 enabled means there is an IPv6 address for that interface. IPv6 provides > local auto-configuration for network intefaces, without DHCP or any other infrastrucure being present. > > That's one thing that creates security risks: you don't know you could be reached by that address. > > So, ifconfig or ip or whatever would have to disable IPv6 for any interface that does not having an explicit IPv6 > address. I'd think it would be easier to have the default eth*-cfg files and Network Manager disable IPv6 unless > the user tells them to enable. hence it would be enough if "ifup" would respect the configuration i can not see "just having IPv6 enabled means there is an IPv6 address" below - where is there ipv6 enabled? there is even a "IPV6INIT=no" jesus this is a *ipv6 disabled* interface and it has a link-local address and NM does not run here at all because on complex network configuration with different interfaces "network.service" is the better way (MHO and IMHO is enough on machines i am responsible for) http://www.cyberciti.biz/faq/rhel-redhat-fedora-centos-ipv6-network-configuration/ [root@rawhide ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 HWADDR=00:0c:29:30:82:b9 ONBOOT=yes BOOTPROTO=static TYPE=Ethernet MODE=Managed IPADDR=192.168.196.18 NM_CONTROLLED=no IPV6INIT=no NETMASK=255.255.255.0 GATEWAY=192.168.196.2 USERCTL=no MTU=1500 [root@rawhide ~]# ifconfig eth0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.196.18 netmask 255.255.255.0 broadcast 192.168.196.255 inet6 fe80::20c:29ff:fe30:82b9 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:30:82:b9 txqueuelen 1000 (Ethernet) RX packets 2046 bytes 170804 (166.8 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1608 bytes 176828 (172.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Attachment:
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
