Disabling IPv6 on one NIC

[Aleksandar Milivojevic]

buntschu wrote:
> Hi,
> 
> On a system running FC3 I have 2 NIC cards. I would like to activate IPv6 only on one card and only IPv4 on the other one.

As soon as ipv6 kernel module is loaded, it will assign link local IPv6 
addresses to all interfaces on the system.  There's nothing you can do 
about it.  Basically, that is what it is supposed to do.  Since link 
local addresses are not routable, and there isn't much usefull you can 
do with them, you can simply ignore the fact that your eth0 has it assigned.

The settings you have in ifcfg-eth0 should prevent that interface from 
getting any other kind of IPv6 address (that might be routable).

If you are paranoid about it, simply configure ip6tables to block 
anything you might not want.  Something like this in 
/etc/sysconfig/ip6tables should do the trick in your case (of only two 
NIC cards):

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth1 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT

You'll need ip6tables package installed, and ip6tables service enabled 
for this to work.

As Alexander suggested, you can also manually delete link local IPv6 
address from the interface.  However, since ipv6 module is loaded 
on-demand, you never know exactly when it is going to be loaded, so you 
don't know exactly when those addresses will be assigned to the interfaces.

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7