Disable IPv6 by default.

Peter Robinson pbrobinson at gmail.com
Thu Sep 13 16:51:14 UTC 2007

> >>>> I use ipv6 daily.  why should i go through extra steps when having both
> >>>> enabled does not hurt people with ipv4 only connections?
> >>>>
> >>> Perhaps you've heard of the recommended policy "turn off all unused
> >>> services"? Enabling IPv6 wastes RAM (several dozen pages) and is a
> >>> security risk when the only connections used are IPv4.
> >>>
> >>> Just publicize the easy OFF switch:
> >>> ----- /etc/modprobe.conf
> >>> alias net-pf-10 off
> >>> -----
> >>>
> >> Hear Hear...
> >>
> >> Best regards.
> >>               Johann B.
> >>
> > Please provide proof of your claims.  where is the security risk?
> > Johann.
> > why exactly do you want ipv6 disabled?
> >
> >
> Majority of user are not using it, it's wasting time and resources,
> faster boot time.
> When I turn things  "off" or disable them programs should not be wasting
> time and resources
> to be running an constantly listening or checking and wondering if they
> are gonna receive "instruction" to process and further instruct
> a program that I have already disabled.

I'm not sure how much of a saving (both in resources and time) turning
off ipv6 would make. Most services support IPV6 out of the box and
have it all compiled in. So by turning IPV6 off about all you would
save is the memory of a few kernel modules. I'm not sure the best way
to actually calculate this but doing a "lsmod | grep ip6" got me a few
modules which totaled a huge 312 KB. Huge. As for startup time about
the only thing I see that takes time is the ipv6 firewall.

> > Personally other than using it now.  i think that it will be a big step
> > backwards if we disabled ipv6 by default.  for one thing the DOD has mandated
> > that all there systems be running ipv6 by 2008
> > http://www.networkworld.com/news/2005/080105-ipv6.html so you will see much
> > faster acceleration of ipv6 services and usage within the next year since US
> > govt contractors will need to have ipv6 to do there job.
> >
> Maybe in the US but in the rest of the world and for companies and like,
> Unless you force them to use
> IPv6 and give them IPv6 compatable hardware they won't switch.

In fact IPV6 is getting quite popular through out Europe and Asia,
more and more ISPs are offering IPV6 as an option, most (if not all)
hosting providers offer IPV6. Most if not all modern OSes support IPV6
out of the box (MacOSX, Vista, Server 2008) and with the M$ products
you can't disable it (you can on a particular interface but it still
runs on loop back and for other bits).

Also all corporate level hardware supports IPv6 out of the box, or has
had firmwares available to support it for years.


More information about the fedora-devel-list mailing list