On 4/05/2016 4:00 p.m., Tory M Blue wrote: > Interesting, > > I do the sysctl settings and have no ipv6 interfaces showing up under > eth0/em0 or anything.. Been doing that for years, because I don't have > not taken the time to fix my DNS infrastructure and the pauses due to > ipv6 resolution attempts kill me > If you mean net.ipv6.conf.all.disable_ipv6=1, that just prevents the interfaces doing the IP assignment dance. IPv6 is still present and almost fully functional. Without the IP dance the machine is not advertised as existing to remote IPv6 machinery and incoming connections dont have anywhere to go. Outgoing connects can't use the system default IP for the interface because there is none. However, as you noticed Squid can still open a v6 socket and listen there for passing traffic of either IP type. It should also still be able to make outbound IPv6 connections if you configure tcp_outgoing_addr explicitly with an IPv6 to use instead of relying on the iface address. NP: one important implication is that v6-enabled malware can do similar and use IPv6 with its own self-assigned address out of your control. So you need to do the firewall dance anyway. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
