diff options
-rw-r--r-- | debian/changelog | 12 | ||||
-rwxr-xr-x | scripts/rl-system.init | 43 | ||||
-rw-r--r-- | sysconf/vyatta-sysctl.conf | 8 | ||||
-rw-r--r-- | templates/system/ipv6/disable/node.def | 10 |
4 files changed, 52 insertions, 21 deletions
diff --git a/debian/changelog b/debian/changelog index e3c51286..d43437f4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +vyatta-cfg-system (0.15.81) unstable; urgency=low + + * Bugfix 4892: Add a config parameter to disable IPv6 + + -- Bob Gilligan <gilligan@vyatta.com> Wed, 23 Sep 2009 16:27:00 -0700 + +vyatta-cfg-system (0.15.80) unstable; urgency=low + + * Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. + + -- Bob Gilligan <gilligan@vyatta.com> Tue, 22 Sep 2009 15:56:58 -0700 + vyatta-cfg-system (0.15.79) unstable; urgency=low * allow install on old compaq smart-array diff --git a/scripts/rl-system.init b/scripts/rl-system.init index e05e0564..3ca02ed2 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -135,23 +135,30 @@ create_ssh_host_keys () { set_ipv6_params () { - # default values for ipv6 parameters do not take effect for interfaces at boot - # time, so copy over default values to their interface specific parameter - ipv6_params=(accept_source_route accept_redirects) - num_ipv6_params=${#ipv6_params[*]} - i=0 - while [ $i -lt $num_ipv6_params ]; do - default_val=`cat /proc/sys/net/ipv6/conf/default/${ipv6_params[$i]}` - array=(`ls /proc/sys/net/ipv6/conf/`) - array_len=${#array[*]} - j=0 - while [ $j -lt $array_len ]; do - sudo sh -c "echo $default_val > \ - /proc/sys/net/ipv6/conf/${array[$j]}/${ipv6_params[$i]}" - let j++ - done - let i++ - done + # default values for ipv6 parameters do not take effect for interfaces at + # boot time, so copy over default values to their interface specific + # parameter + + if [ ! -d /proc/sys/net/ipv6 ]; then + # Skip it if IPv6 is not loaded + return + fi + + ipv6_params=(accept_source_route accept_redirects) + num_ipv6_params=${#ipv6_params[*]} + i=0 + while [ $i -lt $num_ipv6_params ]; do + default_val=`cat /proc/sys/net/ipv6/conf/default/${ipv6_params[$i]}` + array=(`ls /proc/sys/net/ipv6/conf/`) + array_len=${#array[*]} + j=0 + while [ $j -lt $array_len ]; do + sudo sh -c "echo $default_val > \ + /proc/sys/net/ipv6/conf/${array[$j]}/${ipv6_params[$i]}" + let j++ + done + let i++ + done } setup_ntp_config_file () { @@ -172,7 +179,7 @@ start () { setup_ntp_config_file add_new_serial_if || \ log_failure_msg "can\'t add serial interfaces" - sysctl -q -p /opt/vyatta/etc/vyatta-sysctl.conf || + sysctl -q -e -p /opt/vyatta/etc/vyatta-sysctl.conf || log_failure_msg "can\'t configure kernel settings" set_ipv6_params update_version_info diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index 5b888a8c..1f270d92 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf @@ -31,9 +31,6 @@ net.ipv4.icmp_ignore_bogus_error_responses=1 # Send ICMP responses with primary address of exiting interface net.ipv4.icmp_errors_use_inbound_ifaddr=1 -# Enable packet forwarding for IPv6 -net.ipv6.conf.all.forwarding=1 - # Log packets with impossible addresses to kernel log net.ipv4.conf.all.log_martians=1 @@ -58,6 +55,11 @@ net.ipv4.conf.all.accept_source_route=0 # Enable send_redirects by default net.ipv4.conf.all.send_redirects=1 +# IPv6 parameters: + +# Enable packet forwarding for IPv6 +net.ipv6.conf.all.forwarding=1 + # Disable ipv6 accept_source_route by default net.ipv6.conf.default.accept_source_route=-1 diff --git a/templates/system/ipv6/disable/node.def b/templates/system/ipv6/disable/node.def new file mode 100644 index 00000000..50aaa420 --- /dev/null +++ b/templates/system/ipv6/disable/node.def @@ -0,0 +1,10 @@ +help: Disable assignment of IPv6 addresses on all interfaces + +create: + sudo sh -c "echo options ipv6 disable_ipv6=1 > \ + /etc/modprobe.d/vyatta_disable_ipv6" + echo "This change will take affect when the system is rebooted." + +delete: + sudo sh -c "rm -f /etc/modprobe.d/vyatta_disable_ipv6" + echo "This change will take affect when the system is rebooted." |