[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Correct way to not load ipv6 module f8/9?



On Fri, Mar 21, 2008 at 09:12:57AM -0400, Steve Grubb wrote:
> On Thursday 20 March 2008 20:33:28 Jerry Williams wrote:
> > I don't need ipv6 and I tried adding the lines to /etc/modprobe.conf to not
> > load it but it still happens.
> >
> > So what is the correct way to not load the ipv6 module?
> 
> This is the guidance I'm passing out in our security documents:
> 
> 1) Create a file /etc/modprobe.d/no-ipv6
> 2) Add inside it
>     install ipv6 /bin/true
> 3) Close up and reboot

Why not just firewall it?

/etc/sysconfig/ip6tables:

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
COMMIT


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]