| Author |
Message |
markb1439
Joined: 01 Feb 2011
Posts: 5
|
| Posted: Tue Feb 01, 2011 3:59 am Post subject: Disable ipv6 |
|
|
Hi,
I'm new here so please be gentle...
I'm setting up a cPanel DNS Only server. When I run the CSF firewall security check, I get a message that ipv6 seems to be enabled, and therefore I should implement a few measures for security (ip6tables, etc.).
However, I don't see a need to even use ipv6, and I am not sure it's even fully supported here. It seems to me that it might be easier just to disable it. Is this possible, and if so, how?
My Linode is CentOS 5.5 32-bit.
Thanks,
Mark |
|
| Back to top |
|
obs
Joined: 07 Mar 2010
Posts: 1400
Location: Earth
|
| Posted: Tue Feb 01, 2011 12:53 pm Post subject: |
|
|
| See http://wiki.centos.org/FAQ/CentOS5#head-47912ebdae3b5ac10ff76053ef057c366b421dc4 |
|
| Back to top |
|
markb1439
Joined: 01 Feb 2011
Posts: 5
|
| Posted: Tue Feb 01, 2011 5:09 pm Post subject: |
|
|
Thanks. I was familiar with this in general, however:
Quote: Edit /etc/sysconfig/network and set "NETWORKING_IPV6" to "no"
On my Linode this line wasn't in /etc/sysconfig/network, as it is on other servers.
Should I just create it (set to "no" of course) and then follow the rest of the instructions?
Thanks. |
|
| Back to top |
|
obs
Joined: 07 Mar 2010
Posts: 1400
Location: Earth
|
| Posted: Tue Feb 01, 2011 8:41 pm Post subject: |
|
|
| Give it a go, I don't know how centos manages ipv6 see if it works if it doesn't yell and someone with more centos knowledge will probably pop up. |
|
| Back to top |
|
oak
Joined: 14 Feb 2010
Posts: 22
|
| Posted: Tue Feb 01, 2011 11:07 pm Post subject: |
|
|
This worked for Debian Lenny. I don't know about Centos.
http://www.cyberciti.biz/tips/linux-how-to-disable-the-ipv6-protocol.html#comment-154806
Add these lines to /etc/sysctl.conf
#disable ipv6
net.ipv6.conf.all.disable_ipv6=1
and run
Code: sysctl -p /etc/sysctl.conf |
|
| Back to top |
|
markb1439
Joined: 01 Feb 2011
Posts: 5
|
| Posted: Wed Feb 02, 2011 11:47 am Post subject: |
|
|
On further research I've seen that disabling it might cause issues.
Am I better off leaving it active and just using ip6tables? I'd really prefer not to have something active on my Linode if it isn't being used, but I wonder if this is the best way. |
|
| Back to top |
|
waldo
Joined: 21 May 2009
Posts: 336
|
| Posted: Wed Feb 02, 2011 11:49 am Post subject: |
|
|
| Is there actually an IPV6 address assigned to your Linode? |
|
| Back to top |
|
markb1439
Joined: 01 Feb 2011
Posts: 5
|
| Posted: Wed Feb 02, 2011 7:12 pm Post subject: |
|
|
>> Is there actually an IPV6 address assigned to your Linode?
Not that I know of. I'm still new here so I'm not sure what goes on under the hood. But I just see the IPV4 address.
I've still heard that IPV6 should be deactivated if not in use...I'm no longer sure how true that is.
Thanks. |
|
| Back to top |
|
obs
Joined: 07 Mar 2010
Posts: 1400
Location: Earth
|
| Posted: Thu Feb 03, 2011 12:52 am Post subject: |
|
|
If it ain't broke don't fix it.
If ipv6 being enabled isn't causing you problems leave it alone. |
|
| Back to top |
|
mnordhoff
Joined: 03 May 2008
Posts: 451
|
| Posted: Thu Feb 03, 2011 1:26 am Post subject: |
|
|
| Since you don't actually have any IPv6 connectivity, the only danger is from localhost. It'd be pretty easy to set up a couple firewall rules to kill all IPv6 traffic other than localhost, not that any exists in the first place. |
|
| Back to top |
|
markb1439
Joined: 01 Feb 2011
Posts: 5
|
| Posted: Thu Feb 03, 2011 1:34 am Post subject: |
|
|
| Thanks to everyone! |
|
| Back to top |
|
| |
