You are not logged in.
- Topics: Active | Unanswered
#1 2010-10-18 14:20:47
- carzzz215
- Member
- Registered: 2007-10-14
- Posts: 24
Whats the best way to block ipv6?
Hey guys, I was just wondering what the best way to block ipv6 is.
I know of disabling the module to turn off ipv6. But how about firewalling? I haven't seen ip6tables in the packages.
I don't have much to worry about from the public internet because my ISP is not offering ipv6 yet, and my router doesn't support it.
I'm just worried about other ipv6 hosts on the same local network.
I'm just curious how others are dealing with it. Firewalling? Disabling the module?
Offline
#2 2010-10-18 14:29:18
- lagagnon
- Member
- From: an Island in the Pacific...
- Registered: 2009-12-10
- Posts: 1,087
- Website
Re: Whats the best way to block ipv6?
Philosophy is looking for a black cat in a dark room. Metaphysics is looking for a black cat in a dark room that isn't there. Religion is looking for a black cat in a dark room that isn't there and shouting "I found it!". Science is looking for a black cat in a dark room with a flashlight.
Offline
#3 2010-10-18 19:55:05
- chron
- Member
- Registered: 2010-10-18
- Posts: 5
Re: Whats the best way to block ipv6?
Ip6tables is inculed in the iptables package.
To be honest I'm not sure why you would want to dissable v6, I don't see how that would make your system more secure.
Offline
#4 2010-10-18 20:18:45
- slytux
- Member
- From: New York
- Registered: 2010-09-25
- Posts: 129
Re: Whats the best way to block ipv6?
If you are compiling a custom kernel or modifying the default arch one already you can remove it from the kernel config before build via make menuconfig.
Networking support ---> Networking options ---> < >The Ipv6 protocol
$ zcat /proc/config.gz | grep -i ipv6
# CONFIG_IPV6 is not set
Offline
#5 2010-10-18 23:43:37
- IgnorantGuru
- Member
- Registered: 2009-11-09
- Posts: 640
- Website
Re: Whats the best way to block ipv6?
According to the wiki:
* Add the following parameter and setting to /etc/sysctl.conf:
net.ipv6.conf.all.disable_ipv6 = 1
* Load sysctl settings from /etc/sysctl.conf:
# sysctl -p
But that returns this error:
# sysctl -p
error: "net.ipv6.conf.all.disable_ipv6" is an unknown keyOffline
#6 2010-11-18 00:17:28
- thestinger
- Package Maintainer (PM)
- From: Toronto, Canada
- Registered: 2010-01-23
- Posts: 478
Re: Whats the best way to block ipv6?
the key only exists if ipv6 is loaded, so the second method is cleaner
# /etc/modprobe.d/modprobe.conf
# disable autoload of ipv6
alias net-pf-10 offI just did rmmod -f ipv6 after loading it to see if the key appeared, and crashed my computer xD
Last edited by thestinger (2010-11-18 00:20:46)
Offline
#7 2010-11-18 00:45:34
- hokasch
- Member
- Registered: 2007-09-23
- Posts: 1,461
Re: Whats the best way to block ipv6?
options ipv6 disable_ipv6in modprobe.conf should work as well.
Offline