On Fri, Mar 21, 2008 at 09:12:57AM -0400, Steve Grubb wrote: > On Thursday 20 March 2008 20:33:28 Jerry Williams wrote: > > I don't need ipv6 and I tried adding the lines to /etc/modprobe.conf to not > > load it but it still happens. > > > > So what is the correct way to not load the ipv6 module? > > This is the guidance I'm passing out in our security documents: > > 1) Create a file /etc/modprobe.d/no-ipv6 > 2) Add inside it > install ipv6 /bin/true > 3) Close up and reboot Why not just firewall it? /etc/sysconfig/ip6tables: :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-port-unreachable -A FORWARD -j REJECT --reject-with icmp6-port-unreachable COMMIT -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
