Eliminating IPv6 (?)
doug
doug at fledge.watson.org
Sun Jun 23 22:12:54 UTC 2019
On Sun, 23 Jun 2019, Brian Wood wrote:
> Freddie Cash writes:
>>
>> You've been given the tools to do exactly what you want:
>> - comment out IPv6 support in the kernel config file
>> - add WITHOUT_IPV6=yes to /etc/src.conf
>> - rebuild the world and kernel
>
> I'm interested in this subject as an entrepreneur with
> a boutique on-line service. I followed the above and
> it boots and 'netstat -r' no longer says anything about
> IPv6.
> I found section 23.5.1 on this page:
> https://www.freebsd.org/doc/handbook/makeworld.html
>
> to be confusing. I'm not sure if that is out of date, but
> the 'make -j4 kernel'
> is different than make buildkernel
> and it says to reboot before running 'make installworld'.
>
> I'm not sure if it matters but I did 'make buildkernel ...'
> before 'make buildworld'. Then I installed both and
> then rebooted. I tried to get away with just rebuilding
> the kernel and installing that, but that didn't work.
>
> Anyway, I'm glad I was able to do this and bring it up
> in the hope that ground-up entrepreneurs will not be
> dismissed by FreeBSD. IPv6 is a headache for mom
> & pop shops.
I've got a bit of a different take on this. It seems to me that starting with
the rewrite of the network stack to remove the giant (right term??) lock and
making almost all drivers available via kldload the goal has been to remove the
necessity to compile your own kernel (at least for guys like me). I'm more of a
[grand] mom and pop shop, anyway, I can not find any left over files to clue me
as to when I last compiled a kernel. Given all platforms and difficulty in
debugging all the variability of having a billion or so packets arrive randomly
on systems with 1-32 cores and different processor speeds I am happiest running
the code that is the most used. Maybe the theory of correctness makes debugging
better than when I was doing this s--t. If so links would be much appreciated.
I use sshguard with inetd on jails and IPFW on the hosts and can see no
measurable overhead with inetd much less IPFW. All my servers run only internet
services of some sort so in processor time it's days maybe months (relatively
speaking) between network interrups. So unless one is doing some processor heavy
application that also has a real-time response requirement I do not see that
much benefit from compiling a kernel just to get rid of IPV6 packets. As someone
pointed out we can not be sure our "friendly" IPSs maybe sending them our way.
Note even though there are not any "?" in this, it is essentially a long
question. Thanks for any comments, thoughts, ...
Doug
More information about the freebsd-questions
mailing list