Re: Is it possible to completely disable ipv6 in NetBSD 10

["Greg A. Woods" <woods%planix.ca@localhost>]

At Sat, 15 Nov 2025 08:12:17 +0700, Robert Elz <kre%munnari.OZ.AU@localhost> wrote:
Subject: Re: Is it possible to completely disable ipv6 in NetBSD 10
>
>   | should work, shouldn't it ?
>
> No, it shouldn't - the two IFS related lines (first & last)
> were a last minute addition, and a complete brain fade.
>
> Ignore those.

I mostly did ignore them -- I only tested the loop inside the command
substitution because I knew the outer loop worked from my previous tests
with the awk hack.

I wondered what they were for, and I didn't even copy them into my edits
and thought I'd look at them later, but your followup message arrived
before I had the chance.

Below is what I have now, and include some style adjustments to try to
match the rest of the script.

--
					Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>


--- etc/rc.d/network.~1.85.~	2021-03-07 15:43:39.000000000 -0800
+++ etc/rc.d/network	2025-11-15 21:14:54.774400241 -0800
@@ -30,7 +30,7 @@

 have_inet6()
 {
-	/sbin/ifconfig lo0 inet6 >/dev/null 2>&1
+	[ $ip6mode != "off" ] && /sbin/ifconfig lo0 inet6 >/dev/null 2>&1
 }

 network_start()
@@ -43,14 +43,14 @@
 	network_start_domainname
 	network_start_loopback
 	have_inet6 &&
-	network_start_ipv6_route
+	    network_start_ipv6_route
 	[ "$net_interfaces" != NO ] &&
-	network_start_interfaces
+	    network_start_interfaces
 	network_start_aliases
 	network_start_defaultroute
 	network_start_defaultroute6
 	have_inet6 &&
-	network_wait_dad
+	    network_wait_dad
 	network_start_resolv
 	network_start_local
 }
@@ -345,6 +345,35 @@
 				;;
 			esac
 		done
+		if [ $ip6mode = "off" ]; then
+			# disable IPv6 and remove the automatically added inet6
+			# addresses (specifically the automatically added
+			# "link-local" address.
+			#
+			# Note dhcpcd, if used, should only be used with "-4" in
+			# this mode in case the server answers with IPv6
+			# addresses.
+			#
+			# This is necessary to prevent the likes of X11 clients
+			# from trying to use IPv6 to connect to a neighbouring
+			# server, e.g. when mDNS answers have link-local
+			# addresses.
+			#
+			/usr/sbin/ndp -i $int disabled >/dev/null
+			for ip6addr in $(/sbin/ifconfig $int |
+					while read word arg stuff
+					do
+						case $word in
+						inet6)
+							printf '%s\n' "${arg}"
+							;;
+						esac
+					done
+				)
+			do
+				/sbin/ifconfig $int inet6 delete "$ip6addr"
+			done
+		fi
 		configured_interfaces="$configured_interfaces $int"
 	done
 	echo "."

Attachment: pgptMecW60Jc7.pgp
Description: OpenPGP Digital Signature