From nobody Thu May 11 05:15:45 2023 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QH0VL3pGCz49j5B for ; Thu, 11 May 2023 05:16:10 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from h1.out1.mxs.au (h1.out1.mxs.au [110.232.143.235]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4QH0VH4wSPz4KSB for ; Thu, 11 May 2023 05:16:06 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=nimnet.asn.au header.s=default header.b=rirFYJ5a; spf=pass (mx1.freebsd.org: domain of smithi@nimnet.asn.au designates 110.232.143.235 as permitted sender) smtp.mailfrom=smithi@nimnet.asn.au; dmarc=none Received: from s121.syd3.hostingplatform.net.au (s121.syd3.hostingplatform.net.au [103.27.34.4]) by out1.mxs.au (Halon) with ESMTPS id e735da43-efba-11ed-8294-00163c39b365; Thu, 11 May 2023 15:15:54 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nimnet.asn.au; s=default; h=Message-ID:From:CC:To:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To: Date:Sender:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=YNVoiTmndthjT6h+Tl2EDCd/wLSREv4wbUbJqO7Pn6g=; b=rirFYJ5aNj+tSlifihj/bLwAsB T8UVnuRCCzjCyGmP5/6jKx5uU95ZzPhtH4WlncYGUywK25Hsp4SpM7HcP2dcJuPNS/8ZpNGexcisr eu5rGSeckBIlHPVZeSP3Wmxm5DycVQxDPoJPeQY3LafqkiCDYHtP9QFpxW94G8tJ35cRnhqwHKcFv h7O4fijdCPzQliSwTGRW3g1BV3yeYM+SrmtJoD3ApadnbBfqwRAm4j3maRxEVWq3Qcvf0of9mRyVb CRhcYSLACUp0lE1NHfAtVYoSxIQcx9cQMlzvgvuR4KPnQcw5dY1144WNd8Fiwf3UBMgSuuHBDmBCx W0xumSwA==; Received: from [1.144.240.95] (port=38238 helo=Galaxy-J5-Pro) by s121.syd3.hostingplatform.net.au with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1pwyef-004HeW-2I; Thu, 11 May 2023 15:15:53 +1000 Date: Thu, 11 May 2023 15:15:45 +1000 User-Agent: K-9 Mail for Android In-Reply-To: <996b0ce7-0bfe-03e3-0666-6cec58b4ceba@dreamchaser.org> References: <996b0ce7-0bfe-03e3-0666-6cec58b4ceba@dreamchaser.org> List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: turning off ipv6 on lo0 To: Gary Aitken CC: TIM KELLERS ,questions@freebsd.org From: Ian Smith Message-ID: <33CC3500-3594-423D-BDCB-2321DCF4F1E2@nimnet.asn.au> X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - s121.syd3.hostingplatform.net.au X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - nimnet.asn.au X-Get-Message-Sender-Via: s121.syd3.hostingplatform.net.au: authenticated_id: smithi@nimnet.asn.au X-Authenticated-Sender: s121.syd3.hostingplatform.net.au: smithi@nimnet.asn.au X-Source: X-Source-Args: X-Source-Dir: X-Spamd-Result: default: False [-3.50 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_SPF_ALLOW(-0.20)[+ip4:110.232.143.0/24]; R_DKIM_ALLOW(-0.20)[nimnet.asn.au:s=default]; MIME_GOOD(-0.10)[text/plain]; FROM_HAS_DN(0.00)[]; MLMMJ_DEST(0.00)[questions@freebsd.org]; RCPT_COUNT_THREE(0.00)[3]; HAS_X_GMSV(0.00)[smithi@nimnet.asn.au]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DMARC_NA(0.00)[nimnet.asn.au]; BLOCKLISTDE_FAIL(0.00)[110.232.143.235:server fail,103.27.34.4:server fail,1.144.240.95:server fail]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; HAS_X_AS(0.00)[smithi@nimnet.asn.au]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[nimnet.asn.au:+]; HAS_X_SOURCE(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_CC(0.00)[gmail.com,freebsd.org]; HAS_X_ANTIABUSE(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; ASN(0.00)[asn:45638, ipnet:110.232.140.0/22, country:AU]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4QH0VH4wSPz4KSB X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N On 9 May 2023 3:52:44 am AEST, Gary Aitken wrot= e: > Can't seem to figure out how to completely disable ipv6 in > 12=2E4-RELEASE=2E > Tried everything I've found in searches, I think=2E >=20 > rc=2Econf: >=20 > ip6addrctl_enable=3D"NO" > ip6addrctl_prefer_ipv4=3D"YES" > ip6addrctl_prefer_ipv6=3D"NO" > ipv6_activate_all_interfaces=3D"NO" > # neither of the 2 lines below have any effect; > # nor does the absence of them > # lo0 always has ipv6 configured > #ipv6_network_interfaces=3D"none" > #ipv6_network_interfaces=3D"" Yes=2E > An ifconfig shows no ipv6 on any interfaces except lo0: >=20 > lo0: flags=3D8049 metric 0 mtu 16384 > options=3D680003 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 > inet 127=2E0=2E0=2E1 netmask 0xff000000 > groups: lo > nd6 options=3D21 >=20 > So how do I get rid of it on lo0? See /etc/network=2Esubr =2E=2E=2E unless you go drastic and omit ipv6 from= kernel as Tim suggested, lo0 will have address ::1=2E > Should I care? No need to=2E localhost doesn't transact with other than localhost anyway= AFAIK, and even if tried - as you mentioned running ipfw - rc=2Efirewall i= nitialisation runs: setup_loopback() { ############ # Only in rare cases do you want to change these rules # ${fwcmd} add 100 pass all from any to any via lo0 ${fwcmd} add 200 deny all from any to 127=2E0=2E0=2E0/8 ${fwcmd} add 300 deny ip from 127=2E0=2E0=2E0/8 to any if [ $ipv6_available -eq 0 ]; then ${fwcmd} add 400 deny all from any to ::1 ${fwcmd} add 500 deny all from ::1 to any fi } where ipv6_available is 0 when "afexists inet6", ie in kernel (/etc/networ= k=2Esubr) cheers, Ian