Hi,

On 12 June 2013 15:18, Trent W. Buck <trentbuck@gmail.com> wrote:

John Mann <john.mann@monash.edu> writes:

> I would control traffic by giving ppp0, ip6test, and lo interfaces
> IPv6 addresses, and not giving IPv6 addresses to the interfaces you do
> not want to send/receive IPv6 traffic.

IME if you enable IPv6 in the kernel, EVERY up interface will have an
IPv6 address (the link-local one, I suppose).

What happens with interfaces depend upon how they are configured

debian v. Red Hat etc etc

I just checked on Ubuntu 12.10

---

$ sysctl -a | grep ipv6.*disable

net.ipv6.conf.all.disable_ipv6 = 0

net.ipv6.conf.default.disable_ipv6 = 0

net.ipv6.conf.eth0.disable_ipv6 = 0

net.ipv6.conf.eth1.disable_ipv6 = 0

net.ipv6.conf.lo.disable_ipv6 = 0

$ sysctl net.ipv6.conf.eth1.disable_ipv6=1

deleted all IPv6 addresses from eth1, including the link-local addresses.

> Also, without IPv6 enabled, it won't receive IPv6 packets on those
> interfaces.

Are you asserting that if IPv6 is enabled in-kernel, but an interface
has no IPv6 address, IPv6 traffic arriving on that interface will be
dropped on the floor? What about broadcast traffic?

I am asserting that without IPv6 enabled, any IPv6 packets won't be passed up to the networking stack.

But, I'm a networking guy, and my priority is to enable things wherever I can,

rather than a security guy, whose priority is to block everything that isn't essential.

John