At Fri, 14 Nov 2025 18:08:53 +0700, Robert Elz <kre%munnari.OZ.AU@localhost> wrote:
Subject: Re: Is it possible to completely disable ipv6 in NetBSD 10
>
> | + /usr/sbin/ndp -i $int disabled >/dev/null
> | + for lladdr in $(/sbin/ifconfig $int | awk '$1 == "inet6" {print $2}'); do
> | + /sbin/ifconfig $int inet6 delete $lladdr
> | + done
>
>
> We won't be putting uses of awk in rc.d/netstart - after all, /usr (where
> awk lives) might be a shared remote filesystem mounted over the network.
Oops! Yes, sorry, that's not so good!
Once upon a time I thought awk was important enough to live in /bin, but
I gave up on defending that hill after I gave up on having a separate
/usr. :-)
> But in any case, for what it is being used for here, it is *way* overkill.
> (sed would be better if an external tool were needed, but it has the same
> issue wrt being able to be found.)
>
> IFS=$'\n'
> for lladdr in $(/sbin/ifconfig "$int" |
> while read word arg stuff
> do
> case $word in
> (inet6) printf '%s\n' "${arg}";;
> esac
> done )
> do
> /sbin/ifconfig "$int" inet6 delete "$lladdr"
> done
> unset IFS
>
> should work, shouldn't it ? (Uses nothing but ifconfig & sh builtins).
That looks much better, and it works well, thanks! (My variable naming
needs improving though.)
> We should also have a similar mechanism to delete IPv4 of course.
Hmmmm.... maybe....
On the other hand there is no automatic configuration of IPv4 addresses
on (non-loopback) interfaces and there is no such concept of an IPv4
link-local address and there's no built-in NDP, though I guess IPv6 NDP
is the logical equivalent of ARP?
So for hosts "disabling" IPv4 can be handled by simply never manually
configuring any IPv4 addresses and, if using DHCP:
ip6mode=autohost
dhcpcd=YES dhcpcd_flags="-6"
else leaving ip6mode with its default of "host" and manually configuring
one or more IPv6 addresses on the relevant interface(s).
ARP is effectively disabled (never used) if there's no IPv4 addresses on
any non-loopback interface, no default IPv4 route, and no attempt is
made to ever transmit IPv4 on any of those interfaces, no?
I'm less sure about routers, but I would normally expect them to
still regularly need to support both IPv4 and IPv6.
I do currently have one bare-metal host that has access to IPv6 on my
network so I should be able to test "turning off" IPv4 on it.
--
Greg A. Woods <gwoods%acm.org@localhost>
Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>
Attachment:
pgp9Ab4s7ewdE.pgp
Description: OpenPGP Digital Signature