There is so much more that could be disabled or removed in order to speed up a CentOS 5.? or Fedora 8 box. Of course I really wonder why you would ever do this.
#IS IT GOOD TO DISABLE IPV6 ON MAC HOW TO#
How to Disable IPv6 in Fedora and CentOS by George Notaras is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
#IS IT GOOD TO DISABLE IPV6 ON MAC INSTALL#
If you ever think about actually trying to configure and use it instead of just disabling it every time you install your Linux operating system, here is a good place to start… On the other hand, you should understand that IPv6 is not an evil thing… It exists in order to address certain issues. Using the instructions above, you can completely disable IPv6 in your system. But, generally, you could set the following options to “ no” inside your network interface scripts, for example: /etc/sysconfig/network-scripts/ifcfg-eth0įinally, In fedora 8 or newer you can safely remove the following option from the /etc/sysconfig/network file, if it exists: Even if you do not do this, the IPv6 stack will not be initialized because the ipv6 module cannot be loaded. It is also a good idea, since the ip6tables service has been turned off, to disable any IPv6-related functionality in the network interface configuration. Since the IPv6 functionality has been disabled, you can disable the ip6tables service (IPv6 Firewall). This is the recommended way to disable IPv6. It is obvious that this is an aggressive method to disable kernel modules, but it guarantees that the module never gets loaded. Since /bin/true, does absolutely nothing, the module never gets loaded.Īgain, it is required to reboot for the changes to take effect. The above line means: whenever the system needs to load the ipv6 kernel module, it is forced to execute the command true instead of actually loading the module. To completely disable IPv6 in your system, all you have to do is save the following line in a file inside /etc/modprobe.d/. So, frankly, it is suggested to read on how to disable the module more aggressively… Completely disable the ipv6 module In the case of ipv6 this could be a security risk, provided that the ipv6 firewall has been turned off but some network interfaces still use IPv6. This is what happens if it is needed by a system service, regardless of the fact that it has been blacklisted. Next, disable any services that use IPv6, eg ip6tables or any IPv6-enabled network interfaces and reboot (mandatory).Īfter you’ve logged-in again, try, for example, to load the ipv6 module with the modprobe command (as modprobe -v ipv6 To blacklist the module, simply save the following line in a file inside /etc/modprobe.d: But, what happens if an application requires to load that specific module or if root uses modprobe to load it on demand? Let’s test it… So, blacklist indicates that a module’s aliases should be ignored. These “internal” aliases can be overridden by normal “alias” keywords, but there are cases where two or more modules both support the same devices, or a module invalidly claims to support a device: the blacklist keyword indicates that all of that particular module’s internal aliases are to be ignored.
Modules can contain their own aliases: usually these are aliases describing the devices they support, such as “pci:123…”. It has been mentioned above that for ipv6 it is important to completely disable it. This information about blacklisting a kernel module exists here for educational purposes.
In this case, since you will most probably turn off the IPv6 firewall ( ip6tables) as well, it is highly recommended to completely disable the ipv6 module, to avoid any accidental loading of the IPv6 stack without any firewall protection at the same time. You can prevent a module from being inserted into the kernel by either blacklisting it or by completely disabling it. It is included in this article for completeness. Performing this check is absolutely not necessary. If you see ipv6 in its output, then the module is loaded.
0 kommentar(er)
