Eliminating IPv6 (?)

doug doug at fledge.watson.org
Sun Jun 23 22:12:54 UTC 2019

On Sun, 23 Jun 2019, Brian Wood wrote:

> Freddie Cash writes:
>> You've been given the tools to do exactly what you want:
>>  - comment out IPv6 support in the kernel config file
>>  - add WITHOUT_IPV6=yes to /etc/src.conf
>>  - rebuild the world and kernel
> I'm interested in this subject as an entrepreneur with
> a boutique on-line service.    I followed the above and
> it boots and 'netstat -r' no longer says anything about
> IPv6.
> I found section 23.5.1 on this page:
> https://www.freebsd.org/doc/handbook/makeworld.html
> to be confusing.  I'm not sure if that is out of date, but
> the 'make -j4 kernel'
> is different than make buildkernel
> and it says to reboot before running 'make installworld'.
> I'm not sure if it matters but I did 'make buildkernel ...'
> before 'make buildworld'.  Then I installed both and
> then rebooted.  I tried to get away with just rebuilding
> the kernel and installing that, but that didn't work.
> Anyway, I'm glad I was able to do this and bring it up
> in the hope that ground-up entrepreneurs will not be
> dismissed by FreeBSD.  IPv6 is a headache for mom
> & pop shops.

I've got a bit of a different take on this. It seems to me that starting with 
the rewrite of the network stack to remove the giant (right term??) lock and 
making almost all drivers available via kldload the goal has been to remove the 
necessity to compile your own kernel (at least for guys like me). I'm more of a 
[grand] mom and pop shop, anyway, I can not find any left over files to clue me 
as to when I last compiled a kernel. Given all platforms and difficulty in 
debugging all the variability of having a billion or so packets arrive randomly 
on systems with 1-32 cores and different processor speeds I am happiest running 
the code that is the most used. Maybe the theory of correctness makes debugging 
better than when I was doing this s--t. If so links would be much appreciated.

I use sshguard with inetd on jails and IPFW on the hosts and can see no 
measurable overhead with inetd much less IPFW. All my servers run only internet 
services of some sort so in processor time it's days maybe months (relatively 
speaking) between network interrups. So unless one is doing some processor heavy 
application that also has a real-time response requirement I do not see that 
much benefit from compiling a kernel just to get rid of IPV6 packets. As someone 
pointed out we can not be sure our "friendly" IPSs maybe sending them our way.

Note even though there are not any "?" in this, it is essentially a long 
question. Thanks for any comments, thoughts, ...


More information about the freebsd-questions mailing list