incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hugo Trippaers <>
Subject Disable IPv6 for systemvm
Date Mon, 30 Jul 2012 11:20:18 GMT
Hey guys,

The current systemvm has IPv6 enabled including autoconfiguration. This means that if the
machine is placed in an IPv6 enabled network (or somebody starts sending router advertisements)
the VM's based on the system vm will autoconfigure the interface. This means a possible way
to bypass the installed firewall as the IPv6 firewall is set to accept everything opposite
to the IPv4 firewall which is restricted.

My proposal is to include the following in sysctl.conf (at least until we properly support
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.autoconf = 0

If no objections I would like to commit this change.



  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message