diff options
-rw-r--r-- | templates/system/ipv6/disable-forwarding/node.def | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/templates/system/ipv6/disable-forwarding/node.def b/templates/system/ipv6/disable-forwarding/node.def index 5a7576c3..2c8f4ac5 100644 --- a/templates/system/ipv6/disable-forwarding/node.def +++ b/templates/system/ipv6/disable-forwarding/node.def @@ -1,3 +1,25 @@ -help: Disable IPv6 forwarding -create: sudo sh -c "echo 0 > /proc/sys/net/ipv6/conf/all/forwarding" -delete: sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding" +help: Disable IPv6 forwarding on all interfaces + +# Disable IPv6 forwarding for all interfaces we currently have, +# and set default such that it will be disabled on any new interfaces +# that come up after this. +create: + sudo sh -c "echo 0 > /proc/sys/net/ipv6/conf/all/forwarding" + sudo sh -c "echo 0 > /proc/sys/net/ipv6/conf/default/forwarding" + +# Re-enable IPv6 forwarding globally. But only enable it for those +# interfaces that do not have forwarding disabled on a per-interface +# basis. A per-interface flag file under /var/run/vyatta/ tells us if +# it is disabled. Restore default value so that any new interfaces +# that come up after this will have forwarding enabled. +delete: + cd /proc/sys/net/ipv6/conf + for i in * ; do + if [ "$i" = "default" -o "$i" = "all" -o ! -d "$i" ]; then + continue + fi + if [ ! -e /var/run/vyatta/ipv6_no_fwd.$i ]; then + sudo sh -c "echo 1 > $i/forwarding" + fi + done + sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/default/forwarding" |