From: Lorenzo Salvadore
To: FreeBSD Questions
Date: Tue, 18 Jun 2019 08:22:53 +0000
Subject: Re: Eliminating IPv6 (?)

------- Original Message -------
On Tuesday 18 June 2019 09:44, Ronald F. Guilmette wrote:

> In message d6a5d6b8-1630-3095-dd0b-22b49213176e@grosbein.net,
> Eugene Grosbein eugen@grosbein.net wrote:
>
> > 18.06.2019 10:10, Ronald F. Guilmette wrote:
> >
> > > How can I turn off IPv6 entirely without rebuilding the kernel?
> >
> > You cannot. GENERIC kernel specifically enables IPv6 support and you need to
> > disable it at compile time.
> > And if you do, you better rebuild the world too using WITHOUT_INET6=yes in the
> > /etc/src.conf
> > or else some utilities compiled with INET6 by default will query kernel
> > for IPv6-specific data (like routing entries) and complain that your kernel does
> > not know about it.
> > World built WITHOUT_INET6 has no such rough edges.
>
> OK, so I obviously expressed myself badly. Let me try again.
>
> IPv6 support is enabled in the stock kernel. OK. Fine.
> But just because
> that feature is present in the kernel, that does not imply that anything in
> userland -has- to actually make any use of it at all.
>
> Something is doing ifconfig on my loopback (lo0) interface. What is that
> thing and how can I get it to stop doing that?
>
> As I have already learned, the /etc/rc.firewall script also assumes both the
> presence of, and the desirability of IPv6 support. And unless one edits that
> file manually... which I have been effectively forced to do... there is no way
> to get it to simply NOT create and install multiple IPv6-related ipfw rules,
> EVEN THOUGH in my particular situation... which is still the most common case...
> those extra and entirely superfluous IPv6 ipfw filtering rules are serving
> no earthly purpose whatsoever and are only cluttering up my ipfw rule set,
> thus pointlessly making it harder for me to grok and maintain them all.
>
> Clearly, it doesn't have to be this way. Some maintainers just decided that
> I and all other IPv4-only users should get stuck dealing with a lot of useless,
> unnecessary and distracting IPv6 stuff, whether I like it or not, and presumably
> for our own good.
>
> I really wish that maintainers would allow me a bit more freedom, and show
> me the courtesy and respect to allow me to decide for myself what is and what
> isn't "for my own good".
>
> I can and will most certainly get down and grovel around in the various
> /etc/rc.d/ scripts and will comment out those parts that do things like
> ifconfig'ing my loopback interface for IPv6, whether I like it or not.
> But there ought to be some single /etc/rc.conf variable via which one could
> simply select the "No, I don't want to have to deal with IPv6 at all right
> now" option.
>
> Is that really an unreasonable hope, expectation, and request?
>
> I understand that the kernel will still -offer- the IPv6 support.
> But if no
> -other- software on my system actually takes the kernel up on that offer,
> then the kernel's IPv6 support becomes like the tree that falls in the
> forest when there is nobody around to hear it. It might as well be said
> that it makes no sound, and no difference to anything at all.
>
> It is clearly not necessary for me or anyone else to have to rebuild the
> kernel... and world... just in order to get rid of what are, for the
> majority of users here in 2019, still a bunch of utterly superfluous IPv6
> "features" that (a) do not help us one iota and that (b) are all just a
> big and pointless distraction that muddles everything and unnecessarily
> complicates and complexifies ordinary system maintenance tasks.
>
> IPv6 is great and I'm sure I'll be using it someday. But today is not that
> day... not for me, and also not for one hell of a lot of other users. The
> fact that I and others are effectively being forced to even think about it,
> due to an absence of reasonable and easily accessible userland options, is
> actually a big turn-off, and leaves a bad taste in the mouth which will
> be remembered, in future, at every mention of IPv6. I hope that all of the
> IPv6 evangelists will take a moment to stop and think about that, and that
> they'll stop effectively forcing those of us who don't need it to both use
> IPv6 and to think about it, whether we like it or not, and before we are ready,
> willing, and able to do so.
>
> Regards,
> rfg
>
> P.S. In case I have again failed to be clear, I am proposing a new /etc/rc.conf
> option. Something simple and intuitive like:
>
> ipv6="NO"
>
> That in turn should be checked -and- respected by all relevant /etc/rc.d/
> scripts.
>
> I ask again, is this really such an unreasonable thing to hope for?

You can just block ipv6 once and for all with your firewall. I wanted to disable
ipv6 on a machine and the only thing I did was to add "block quick inet6" on top
of my pf rules.
I guess ipfw has a similar rule.

This does not solve your issue with ifconfig, but as you understood it will not
remove ipv6 support from your kernel either. It will just drop any inet6 packet
as soon as it arrives on your system.

If you want to disable ipv6, then firewall it. If you want to remove any ipv6
support then, as already stated, you must rebuild from sources (both kernel
and world).

Lorenzo Salvadore.
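
An added example, not part of the original message: a small POSIX sh/awk lint for the "block quick inet6" approach described above, checking that the rule really comes first, really carries "quick", and noting any "set skip" interface that pf will not filter at all. It is a heuristic that assumes one rule per line on standard input; the function name audit_pf_inet6 and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a pf.conf (read from stdin) for an up-front IPv6 drop.
# Findings, one per line:
#   SKIP <ifs>        interfaces exempted by "set skip on"; no rule applies there
#   PREEMPTED line N  an earlier "pass quick" not limited to inet can match IPv6 first
#   NOQUICK line N    "block inet6" without quick; a later pass rule can override it
#   OK line N         "block ... quick ... inet6" found at line N
#   MISSING           no such rule in the file
# Exit status is 0 only when the block rule exists and nothing preempts it.
audit_pf_inet6() {
    awk '
    { sub(/#.*/, "") }                      # drop comments
    NF == 0 { next }                        # skip empty lines
    $1 == "set" && $2 == "skip" {           # pf does no filtering on these interfaces
        s = $0; sub(/^.*[ \t]on[ \t]+/, "", s)
        print "SKIP " s; next
    }
    $1 != "pass" && $1 != "block" && $1 != "match" { next }
    found { next }                          # evaluation of IPv6 packets stops at the quick block
    {
        quick = 0; inet6 = 0; inet = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "quick") quick = 1
            if ($i == "inet6") inet6 = 1
            if ($i == "inet")  inet = 1
        }
    }
    $1 == "block" && inet6 && quick { print "OK line " NR; found = 1; next }
    $1 == "block" && inet6          { print "NOQUICK line " NR; bad = 1; next }
    $1 == "pass" && quick && !inet  { print "PREEMPTED line " NR; bad = 1 }
    END {
        if (!found) { print "MISSING"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample ruleset: the IPv6 block is neither first nor quick.
audit_pf_inet6 <<'EOF' || echo "ruleset does not drop all IPv6 up front"
# constructed sample pf.conf
set skip on lo0
pass in quick on em0 proto tcp to port 22
block inet6
pass out all
EOF
```

A SKIP finding is informational only: on a skipped interface such as lo0, IPv6 traffic is not dropped by the rule even when the rest of the ruleset is in order.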