At Sun, 16 Nov 2025 18:18:00 +0100 (CET), Jarle Greipsland <jarle.greipsland%norid.no@localhost> wrote:
Subject: Re: Is it possible to completely disable ipv6 in NetBSD 10
>
> You may have to perform the 'ndp -i $interface disabled' command
> before the interface is brought up. On a couple of my own
> systems, I have added a similar ndp command as the first line in
> a number of ifconfig.tapX-files, with the Ã'up command further
> down in the file, and no IPv6 link-local address is generated for
> these interfaces.
Ah ha! Thank you!
Yes, that works perfectly.
Moving the call above the rest of the interface configuration avoids
assignment of the link-local address in the first place, but keeping the
deletion loop would allow one to set "ip6mode=off" and then run
"/etc/rc.d/network restart".
--
Greg A. Woods <gwoods%acm.org@localhost>
Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>
--- etc/rc.d/network.~1.85.~ 2021-03-07 15:43:39.000000000 -0800
+++ etc/rc.d/network 2025-11-17 22:49:42.184696226 -0800
@@ -30,7 +30,7 @@
have_inet6()
{
- /sbin/ifconfig lo0 inet6 >/dev/null 2>&1
+ [ $ip6mode != "off" ] && /sbin/ifconfig lo0 inet6 >/dev/null 2>&1
}
network_start()
@@ -43,14 +43,14 @@
network_start_domainname
network_start_loopback
have_inet6 &&
- network_start_ipv6_route
+ network_start_ipv6_route
[ "$net_interfaces" != NO ] &&
- network_start_interfaces
+ network_start_interfaces
network_start_aliases
network_start_defaultroute
network_start_defaultroute6
have_inet6 &&
- network_wait_dad
+ network_wait_dad
network_start_resolv
network_start_local
}
@@ -185,6 +185,10 @@
;;
autohost)
+ # xxx this seems a bit aggressive since ifconfig.if(5) also
+ # allows dhcpcd to be started.... And "rtsol", though it
+ # doesn't seem to quite mean what it says, can also be set via
+ # ifconfig.if(5)...
if ! checkyesno dhcpcd; then
warn "rtsol and kernel ra handling have been removed"
warn "please configure dhcpcd in its place."
@@ -216,7 +220,7 @@
# /etc/ifconfig.xxN file, we ignore comments and blank lines,
# treat lines beginning with "!" as commands to execute, treat
# "dhcp" as a special case to invoke dhcpcd, treat "rtsol" as
- # a special case to send a router solicitation, and for any other
+ # a special case to send a router solicitation(???), and for any other
# line we run "ifconfig xxN", using each line of the file as the
# arguments for a separate "ifconfig" invocation.
#
@@ -280,6 +284,48 @@
fi
fi
+ if [ $ip6mode = "off" ]; then
+ #
+ # disable IPv6 for the interface
+ #
+ # Note dhcpcd, if used, should only be used with "-4" in
+ # this mode in case the server answers with IPv6
+ # addresses.
+ #
+ # This is necessary to prevent the likes of X11 clients
+ # from trying to use an IPv6 link-local address to
+ # connect to a neighbouring server, e.g. when mDNS
+ # answers have link-local addresses.
+ #
+ /usr/sbin/ndp -i $int disabled >/dev/null
+ #
+ # remove the automatically added inet6 addresses
+ # (specifically the automatically added "link-local"
+ # address.
+ #
+ # XXX this is probably not necessary, i.e. not going to
+ # do anything, with the "ndp disabled" above, but it
+ # could be useful if one wanted to run
+ # "/etc/rc.d/network restart" after setting
+ # "ip6mode=off"
+ #
+ for ip6addr in $(/sbin/ifconfig $int |
+ while read word arg stuff
+ do
+ case $word in
+ inet6)
+ printf '%s\n' "${arg}"
+ ;;
+ esac
+ done
+ )
+ do
+ /sbin/ifconfig $int inet6 delete "$ip6addr"
+ done
+ fi
+
+ # Configure the interface
+ #
# If $ifconfig_xxN is empty, then use
# /etc/ifconfig.xxN, which we know exists due to
# an earlier test.
Attachment:
pgpU52gD4Lst4.pgp
Description: OpenPGP Digital Signature