summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog12
-rwxr-xr-xscripts/rl-system.init43
-rw-r--r--sysconf/vyatta-sysctl.conf8
-rw-r--r--templates/system/ipv6/disable/node.def10
4 files changed, 52 insertions, 21 deletions
diff --git a/debian/changelog b/debian/changelog
index e3c51286..d43437f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+vyatta-cfg-system (0.15.81) unstable; urgency=low
+
+ * Bugfix 4892: Add a config parameter to disable IPv6
+
+ -- Bob Gilligan <gilligan@vyatta.com> Wed, 23 Sep 2009 16:27:00 -0700
+
+vyatta-cfg-system (0.15.80) unstable; urgency=low
+
+ * Bugfix 4951: Don't fail if IPv6 kernel module is not loaded.
+
+ -- Bob Gilligan <gilligan@vyatta.com> Tue, 22 Sep 2009 15:56:58 -0700
+
vyatta-cfg-system (0.15.79) unstable; urgency=low
* allow install on old compaq smart-array
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index e05e0564..3ca02ed2 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -135,23 +135,30 @@ create_ssh_host_keys () {
set_ipv6_params ()
{
- # default values for ipv6 parameters do not take effect for interfaces at boot
- # time, so copy over default values to their interface specific parameter
- ipv6_params=(accept_source_route accept_redirects)
- num_ipv6_params=${#ipv6_params[*]}
- i=0
- while [ $i -lt $num_ipv6_params ]; do
- default_val=`cat /proc/sys/net/ipv6/conf/default/${ipv6_params[$i]}`
- array=(`ls /proc/sys/net/ipv6/conf/`)
- array_len=${#array[*]}
- j=0
- while [ $j -lt $array_len ]; do
- sudo sh -c "echo $default_val > \
- /proc/sys/net/ipv6/conf/${array[$j]}/${ipv6_params[$i]}"
- let j++
- done
- let i++
- done
+ # default values for ipv6 parameters do not take effect for interfaces at
+ # boot time, so copy over default values to their interface specific
+ # parameter
+
+ if [ ! -d /proc/sys/net/ipv6 ]; then
+ # Skip it if IPv6 is not loaded
+ return
+ fi
+
+ ipv6_params=(accept_source_route accept_redirects)
+ num_ipv6_params=${#ipv6_params[*]}
+ i=0
+ while [ $i -lt $num_ipv6_params ]; do
+ default_val=`cat /proc/sys/net/ipv6/conf/default/${ipv6_params[$i]}`
+ array=(`ls /proc/sys/net/ipv6/conf/`)
+ array_len=${#array[*]}
+ j=0
+ while [ $j -lt $array_len ]; do
+ sudo sh -c "echo $default_val > \
+ /proc/sys/net/ipv6/conf/${array[$j]}/${ipv6_params[$i]}"
+ let j++
+ done
+ let i++
+ done
}
setup_ntp_config_file () {
@@ -172,7 +179,7 @@ start () {
setup_ntp_config_file
add_new_serial_if || \
log_failure_msg "can\'t add serial interfaces"
- sysctl -q -p /opt/vyatta/etc/vyatta-sysctl.conf ||
+ sysctl -q -e -p /opt/vyatta/etc/vyatta-sysctl.conf ||
log_failure_msg "can\'t configure kernel settings"
set_ipv6_params
update_version_info
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index 5b888a8c..1f270d92 100644
--- a/sysconf/vyatta-sysctl.conf
+++ b/sysconf/vyatta-sysctl.conf
@@ -31,9 +31,6 @@ net.ipv4.icmp_ignore_bogus_error_responses=1
# Send ICMP responses with primary address of exiting interface
net.ipv4.icmp_errors_use_inbound_ifaddr=1
-# Enable packet forwarding for IPv6
-net.ipv6.conf.all.forwarding=1
-
# Log packets with impossible addresses to kernel log
net.ipv4.conf.all.log_martians=1
@@ -58,6 +55,11 @@ net.ipv4.conf.all.accept_source_route=0
# Enable send_redirects by default
net.ipv4.conf.all.send_redirects=1
+# IPv6 parameters:
+
+# Enable packet forwarding for IPv6
+net.ipv6.conf.all.forwarding=1
+
# Disable ipv6 accept_source_route by default
net.ipv6.conf.default.accept_source_route=-1
diff --git a/templates/system/ipv6/disable/node.def b/templates/system/ipv6/disable/node.def
new file mode 100644
index 00000000..50aaa420
--- /dev/null
+++ b/templates/system/ipv6/disable/node.def
@@ -0,0 +1,10 @@
+help: Disable assignment of IPv6 addresses on all interfaces
+
+create:
+ sudo sh -c "echo options ipv6 disable_ipv6=1 > \
+ /etc/modprobe.d/vyatta_disable_ipv6"
+ echo "This change will take affect when the system is rebooted."
+
+delete:
+ sudo sh -c "rm -f /etc/modprobe.d/vyatta_disable_ipv6"
+ echo "This change will take affect when the system is rebooted."