Re: disabling ipv6 kernel module

To: DebianTesting List <debian-testing@lists.debian.org>
Subject: Re: disabling ipv6 kernel module
From: Greg Folkert <greg@gregfolkert.net>
Date: Thu, 18 Nov 2004 16:20:19 -0500
Message-id: <[🔎] 1100812819.16718.9.camel@king.gregfolkert.net>
In-reply-to: <[🔎] 419D0C7E.7080807@harmuth-sc.de>
References: <[🔎] 44186052-398E-11D9-B6A8-000A957969E0@bitrate.net> <[🔎] 419CF66D.2010501@harmuth-sc.de> <[🔎] 2F1110BD-399F-11D9-B6A8-000A957969E0@bitrate.net> <[🔎] 419D0C7E.7080807@harmuth-sc.de>

On Thu, 2004-11-18 at 21:56 +0100, Jörg Harmuth wrote:
> btb schrieb:
> 
> >
> > On Nov 18, 2004, at 14.22, Jörg Harmuth wrote:
> >
> >> Hi Ben,
> >>
> >>>
> >>> what is the proper approach to achieving this?
> >>>
> >> I don't know what the proper approach is, but if everything works 
> >> correctly without ipv6 (I had problem without ipv6 some time ago, but 
> >> I can't really recall what was up there) why not compile a kernel 
> >> without ipv6 support ? This defenitely works, if it is a possibility 
> >> at all. And it gives you the chance to remove more things you don't 
> >> need from your kernel.
> >>
> >> Have a nice time
> >>
> >> Joerg
> >
> >
> > hi joerg-
> >
> > thanks for replying.
> >
> > i did start down that road a bit - and found out i am not yet 
> > comfortable enough with that process to trust myself (very very new to 
> > debian).  besides, isn't the idea of loading and unloading (or not 
> > loading) modules that you don't have to recompile your kernel for this 
> > type of thing?
> >
> > -ben
> 
> Hi Ben,
> 
> yes and no in my opinion. It is convenient to be able to disable kernel
> features at load time (and of course rub´n-time). But they still exist
> and an successful attacker could exploid one or more of  them. For me
> the better choice is to _realy_ disable them (those I don't need) in the
> kernel configuration. If it's not there - what can you do with it ?
> 
> If you have never done kernel configuration it is hard work. I mean
> understanding all the things you should know for this. But in Debian
> there is a convenient way to do this (it is said to be convenient, but I
> never tried it - sorry, I don't even know the name of the package :(
> Hey list, can you help ?) But in my opinion it's worth while. It serves
> a lot of purposes.

I just let everything go. IPv6 is one of those troublesome modules. I
just delete all the ipv6 modules (clearly there are other alternatives)
and it works for me, I get 2 error messages during boot caused by them
being gone.

Not really a problem though. As it was deliberate.
-- 
greg, greg@gregfolkert.net

The technology that is
Stronger, better, faster: Linux

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- disabling ipv6 kernel module
  - From: btb <btb@bitrate.net>
- Re: disabling ipv6 kernel module
  - From: Jörg Harmuth <harmuth@harmuth-sc.de>
- Re: disabling ipv6 kernel module
  - From: btb <btb@bitrate.net>
- Re: disabling ipv6 kernel module
  - From: Jörg Harmuth <harmuth@harmuth-sc.de>

Prev by Date: Re: disabling ipv6 kernel module
Next by Date: Re: disabling ipv6 kernel module
Previous by thread: Re: disabling ipv6 kernel module
Next by thread: Re: disabling ipv6 kernel module
Index(es):
- Date
- Thread