HPE Community
Operating System - HP-UX
1753802 Members
8289 Online
108805 Solutions
New Discussion юеВ

Yank ip6 and tcp6

 
Shabu Khan-2
Frequent Advisor

тАО06-28-2007 11:57 AM

тАО06-28-2007 11:57 AM

Yank ip6 and tcp6


#HP-UX 11.23
#rp3440

I am trying to do close to what Harry was trying to do here:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=882565

I want all references to IPv6 turned-off, including uninstalling modules ip6 and tcp6.

When I do a lsof | grep -i ipv6 I see a bunch of processes - registrar, kcmond etc listening/using IPv6 address family, we are not using IPV6 and we don't want it on our system.

I see files /dev/tcp6 and /dev/ip6 and kcsystem shows ip6 and tcp6 modules installed, but I want to uninstall these, how do I go about doing it?

I removed files tcp6 and udp6 and ip6 but when it comes back on after a reboot it gets created, obviously because the modules get loaded on reboot and these character files gets created?

Please advise.

Thanks,
Shabu
0 Kudos
Reply
4 REPLIES 4
Shabu Khan-2
Frequent Advisor

тАО06-29-2007 04:32 AM

тАО06-29-2007 04:32 AM

Re: Yank ip6 and tcp6


Any thoughts?
0 Kudos
Reply
rick jones
Honored Contributor

тАО07-02-2007 05:03 AM

тАО07-02-2007 05:03 AM

Re: Yank ip6 and tcp6

I'm reasonably certain that support for IPv6 in the 11.23 and later TCP/IP stack is not separate from the rest of the stack. That suggests that disabling it entirely may be difficult if not downright impossible.

If you don't actually assign any IPv6 addresses to any of your interfaces, you won't receive any IPv6 traffic from the net. If you are still worried about IPv6, I suppse you could setup ipfilter to filter-out any IPv6 datagrams which somehow managed to make it into your system(s).

there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
Shabu Khan-2
Frequent Advisor

тАО07-02-2007 05:10 AM

тАО07-02-2007 05:10 AM

Re: Yank ip6 and tcp6


Thanks for responding Rick.

Actually, the logic in the /sbin/init.d/ems script could have been better, like I said earlier the script checks to see if the files /dev/ip6 and /dev/tcp6 files exist if it does then it updates the /etc/inetd.conf file to use tcp6 for registrar and starts up the registrar processes with ipv6 and thats why I see those connections to ipv6 address family internally, I don't want to use ipv6 but ipv4.

Thats unfortunate that it is built into the 11.23 OS stack.

We had a PCI audit recently and they asked me to run netstat -an and the output obviously showed stuff listening on ipv6 ports and they asked me to disable it if we are not using any IPV6 addresses.

Thanks,
Shabu
0 Kudos
Reply
rick jones
Honored Contributor

тАО07-02-2007 05:21 AM

тАО07-02-2007 05:21 AM

Re: Yank ip6 and tcp6

Well, having put-forth my strawman about IPv6 removability, perhaps someone else from UX-land can correct it.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.