Correct way to not load ipv6 module f8/9?
Chuck Anderson
cra at WPI.EDU
Fri Mar 21 14:02:04 UTC 2008
On Fri, Mar 21, 2008 at 09:12:57AM -0400, Steve Grubb wrote:
> On Thursday 20 March 2008 20:33:28 Jerry Williams wrote:
> > I don't need ipv6 and I tried adding the lines to /etc/modprobe.conf to not
> > load it but it still happens.
> >
> > So what is the correct way to not load the ipv6 module?
>
> This is the guidance I'm passing out in our security documents:
>
> 1) Create a file /etc/modprobe.d/no-ipv6
> 2) Add inside it
> install ipv6 /bin/true
> 3) Close up and reboot
Why not just firewall it?
/etc/sysconfig/ip6tables:
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
COMMIT
More information about the fedora-test-list
mailing list