Date: Tue, 18 Jun 2019 08:22:53 +0000 From: Lorenzo Salvadore <phascolarctos@protonmail.ch> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Eliminating IPv6 (?) Message-ID: <osfidavETPv_k8mIOOmWi54rn6Rd5D06sX4Bk7vbwFIb27vsmyjzH9V1iPKwkF0BDDPIdXYinOB4MG8KiajCKxRv7_tKjFfgSUq1MCYaBgg=@protonmail.ch> In-Reply-To: <18748.1560843874@segfault.tristatelogic.com> References: <18748.1560843874@segfault.tristatelogic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me= ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 On Tuesday 18 June 2019 09:44, Ronald F. Guilmette <rfg@tristatelogic.com> = wrote: > In message d6a5d6b8-1630-3095-dd0b-22b49213176e@grosbein.net, > Eugene Grosbein eugen@grosbein.net wrote: > > > 18.06.2019 10:10, Ronald F. Guilmette wrote: > > > > > How can I turn off IPv6 entirely without rebuilding the kernel? > > > > You cannot. GENERIC kernel specifically enables IPv6 support and you ne= ed to > > disable it at compile time. > > And if you do, you better rebuild the world too using WITHOUT_INET6=3Dy= es in the > > /etc/src.conf > > or else some utilities compiled with INET6 by default will query kernel > > for IPv6-specific data (like routing entries) and complain that your ke= rnel does > > not know about it. > > World built WITHOUT_INET6 has no such rough edges. > > OK, so I obviously expressed myself badly. Let me try again. > > IPv6 support is enabled in a the stock kernel. OK. Fine. But just because > that feature is present in the kernel, that does not imply that anything = in > userland -has- to actually make any use of it at all. > > Something is doing ifconfig on my loopback (lo0) interface. What is that > thing and how can I get it to stop doing that? > > As I have already learned, the /etc/rc.firewall script also assumes both = the > presence of, and the desirability of IPv6 support. And unless one edits t= hat > file manually... which I have been effectively forced to do... there is n= o way > to get it to simply NOT create and install multiple IPv6-related ipfw rul= es, > EVEN THOUGH in my particular situation... which is still the most common = case... > those extra and entirely superfluous IPv6 ipfw filtering rules are servin= g > no earthly purpose whatsoever and are only cluttering up my ipfw rule set= , > thus pointlessly making it harder for me to grok and maintain them all. > > Clearly, if doesn't have to be this way. Some maintainers just decided th= at > I and all other IPv4-only users should get stuck dealing with a lot of us= eless, > unnecessary and distracting IPv6 stuff, whether I like it or not, and pre= sumably > for our own good. > > I really wish that maintainers would allow me a bit more freedom, and sho= w > me the courtesy and respect to allow me to decide for myself what is and = what > isn't "for my own good". > > I can and will most certainly get down and grovel around in the various > /etc/rc.d/ scripts and will comment out those parts that do things like > ifconfig'ing my loopback interface for IPv6, whether I like it or not. > But there ought to be some single /etc/rc.conf variable via which one cou= ld > simply select the "No, I don't want to have to deal with IPv6 at all righ= t > now" option. > > Is that really an unreasonable hope, expectation, and request? > > I understand that the kernel will still -offer- the IPv6 support. But if = no > -other- software on my system actually takes the kernel up on that offer, > then the kernel's IPv6 support becomes like the tree that falls in the > forrest when there is nobody around to hear it. It might as well be said > that it makes no sound, and no difference to anything at all. > > It is clearly not necessary for me or anyone else to have to rebuild the > kernel... and world... just in order to get rid of what are, for the > majority of users here in 2019, still a bunch of utterly superfluous IPv6 > "features" that (a) do not help us one iota and that (b) are all just a > big and pointless distraction that muddles everything and unnecessarily > complicates and complexifies ordinary system maintenance tasks. > > IPv6 is great and I'm sure I'll be using it someday. But today is not tha= t > day... not for me, and also not for one hell of a lot of other users. The > fact that I and others are effectively being forced to even think about i= t, > due to an absence of reasonable and easily accessible userland options, i= s > actually a big turn-off, and leaves a bad taste in the mouth which will > be remembered, in future, at every mention of IPv6. I hope that all of th= e > IPv6 evanglists will take a moment to stop and think about that, and that > they'll stop effectively forcing those of us who don't need it to both us= e > IPv6 and to think about it, whether we like it or not, and before we are = ready, > willing, and able to do so. > > Regards, > rfg > > P.S. In case I have again failed to be clear, I am proposing a new /etc/r= c.conf > option. Something simple and intutive like: > > ipv6=3D"NO" > > That in turn should be checked -and- respected by all relevant /etc/rc,d/ > scripts. > > I ask again, is this really such an unreasonable thing to hope for? You can just block ipv6 once and for all with your firewall. I wanted to disable ipv6 on a machine and the only thing I did was to add "block quick inet6" on top of my pf rules. I guess ipfw has a similar rule. This does not solve your issue with ifconfig, but as you understood it will= not remove ipv6 support from your kernel either. It will just drop any inet6 pa= cket as soon as it arrives on your system. If you want to disable ipv6, then firewall it. If you want to remove any ip= v6 support then, as already stated, you must rebuild from sources (both kernel and world). Lorenzo Salvadore.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?osfidavETPv_k8mIOOmWi54rn6Rd5D06sX4Bk7vbwFIb27vsmyjzH9V1iPKwkF0BDDPIdXYinOB4MG8KiajCKxRv7_tKjFfgSUq1MCYaBgg=>