Re: IPV6 issues

[Leonardo Taccari <iamleot%gmail.com@localhost>]

Hello Bob,

On Wed, Apr 16, 2014 at 02:14:31PM -0500, Bob Nestor wrote:
> However my connection to my ISP doesn't support IPV6 so I'd like to disable 
> it at least for the time being.  I can't find any sysctl knob to do this but 
> I found an article that says the way to do this is with NPF.  The article 
> indicates the way to do this is to add these two rules to the default group:
>       block in inet6
>       block out inet6
> But these lines give syntax errors when I attempt an "npfctl reload".  
> Looking at the npf.conf documentation seems to indicate that the proper 
> syntax (for the npf variant in 6.1.3) should be:
>       block in family inet6
>       block out family inet6
> But that also gives a syntax error.
> 
> So I dropped back and decided that at least for the time being I'd build a 
> kernel that doesn't have IPV6.   I commented out the "options INET6" line in 
> GENERIC and tried building the kernel.  That fails during link with an 
> unresolved reference to "stfattach".
> 
> My simple question is therefore, what's an easy way of disabling IPV6 in the 
> GENERIC kernel?
In my npf.conf I specified to every pass rule (except on lo0) the
"family inet" flag and in this way it works without any problem (and I have
a "block all" rule at the end).

Maybe this thread could be interesting for you:

 http://mail-index.netbsd.org/netbsd-users/2012/06/27/msg010930.html

IIRC there should be also a patch to /etc/rc.d/network in order to disable
IPv6 without recompiling the kernel (I think that it disable setting
link-local address that by default is enabled as noted by Thor).


HTH,
L.