Eliminating IPv6 (?)

Tue Jun 18 08:23:10 UTC 2019

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday 18 June 2019 09:44, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:

> In message d6a5d6b8-1630-3095-dd0b-22b49213176e at grosbein.net,
> Eugene Grosbein eugen at grosbein.net wrote:
>
> > 18.06.2019 10:10, Ronald F. Guilmette wrote:
> >
> > > How can I turn off IPv6 entirely without rebuilding the kernel?
> >
> > You cannot. GENERIC kernel specifically enables IPv6 support and you need to
> > disable it at compile time.
> > And if you do, you better rebuild the world too using WITHOUT_INET6=yes in the
> > /etc/src.conf
> > or else some utilities compiled with INET6 by default will query kernel
> > for IPv6-specific data (like routing entries) and complain that your kernel does
> > not know about it.
> > World built WITHOUT_INET6 has no such rough edges.
>
> OK, so I obviously expressed myself badly. Let me try again.
>
> IPv6 support is enabled in a the stock kernel. OK. Fine. But just because
> that feature is present in the kernel, that does not imply that anything in
> userland -has- to actually make any use of it at all.
>
> Something is doing ifconfig on my loopback (lo0) interface. What is that
> thing and how can I get it to stop doing that?
>
> As I have already learned, the /etc/rc.firewall script also assumes both the
> presence of, and the desirability of IPv6 support. And unless one edits that
> file manually... which I have been effectively forced to do... there is no way
> to get it to simply NOT create and install multiple IPv6-related ipfw rules,
> EVEN THOUGH in my particular situation... which is still the most common case...
> those extra and entirely superfluous IPv6 ipfw filtering rules are serving
> no earthly purpose whatsoever and are only cluttering up my ipfw rule set,
> thus pointlessly making it harder for me to grok and maintain them all.
>
> Clearly, if doesn't have to be this way. Some maintainers just decided that
> I and all other IPv4-only users should get stuck dealing with a lot of useless,
> unnecessary and distracting IPv6 stuff, whether I like it or not, and presumably
> for our own good.
>
> I really wish that maintainers would allow me a bit more freedom, and show
> me the courtesy and respect to allow me to decide for myself what is and what
> isn't "for my own good".
>
> I can and will most certainly get down and grovel around in the various
> /etc/rc.d/ scripts and will comment out those parts that do things like
> ifconfig'ing my loopback interface for IPv6, whether I like it or not.
> But there ought to be some single /etc/rc.conf variable via which one could
> simply select the "No, I don't want to have to deal with IPv6 at all right
> now" option.
>
> Is that really an unreasonable hope, expectation, and request?
>
> I understand that the kernel will still -offer- the IPv6 support. But if no
> -other- software on my system actually takes the kernel up on that offer,
> then the kernel's IPv6 support becomes like the tree that falls in the
> forrest when there is nobody around to hear it. It might as well be said
> that it makes no sound, and no difference to anything at all.
>
> It is clearly not necessary for me or anyone else to have to rebuild the
> kernel... and world... just in order to get rid of what are, for the
> majority of users here in 2019, still a bunch of utterly superfluous IPv6
> "features" that (a) do not help us one iota and that (b) are all just a
> big and pointless distraction that muddles everything and unnecessarily
> complicates and complexifies ordinary system maintenance tasks.
>
> IPv6 is great and I'm sure I'll be using it someday. But today is not that
> day... not for me, and also not for one hell of a lot of other users. The
> fact that I and others are effectively being forced to even think about it,
> due to an absence of reasonable and easily accessible userland options, is
> actually a big turn-off, and leaves a bad taste in the mouth which will
> be remembered, in future, at every mention of IPv6. I hope that all of the
> IPv6 evanglists will take a moment to stop and think about that, and that
> they'll stop effectively forcing those of us who don't need it to both use
> IPv6 and to think about it, whether we like it or not, and before we are ready,
> willing, and able to do so.
>
> Regards,
> rfg
>
> P.S. In case I have again failed to be clear, I am proposing a new /etc/rc.conf
> option. Something simple and intutive like:
>
> ipv6="NO"
>
> That in turn should be checked -and- respected by all relevant /etc/rc,d/
> scripts.
>
> I ask again, is this really such an unreasonable thing to hope for?

You can just block ipv6 once and for all with your firewall.
I wanted to disable ipv6 on a machine and the only thing I did was to add
"block quick inet6" on top of my pf rules. I guess ipfw has a similar rule.

This does not solve your issue with ifconfig, but as you understood it will not
remove ipv6 support from your kernel either. It will just drop any inet6 packet
as soon as it arrives on your system.
If you want to disable ipv6, then firewall it. If you want to remove any ipv6
support then, as already stated, you must rebuild from sources (both kernel
and world).

Lorenzo Salvadore.