Hello Bob, On Wed, Apr 16, 2014 at 02:14:31PM -0500, Bob Nestor wrote: > However my connection to my ISP doesn't support IPV6 so I'd like to disable > it at least for the time being. I can't find any sysctl knob to do this but > I found an article that says the way to do this is with NPF. The article > indicates the way to do this is to add these two rules to the default group: > block in inet6 > block out inet6 > But these lines give syntax errors when I attempt an "npfctl reload". > Looking at the npf.conf documentation seems to indicate that the proper > syntax (for the npf variant in 6.1.3) should be: > block in family inet6 > block out family inet6 > But that also gives a syntax error. > > So I dropped back and decided that at least for the time being I'd build a > kernel that doesn't have IPV6. I commented out the "options INET6" line in > GENERIC and tried building the kernel. That fails during link with an > unresolved reference to "stfattach". > > My simple question is therefore, what's an easy way of disabling IPV6 in the > GENERIC kernel? In my npf.conf I specified to every pass rule (except on lo0) the "family inet" flag and in this way it works without any problem (and I have a "block all" rule at the end).
Maybe this thread could be interesting for you: http://mail-index.netbsd.org/netbsd-users/2012/06/27/msg010930.html IIRC there should be also a patch to /etc/rc.d/network in order to disable IPv6 without recompiling the kernel (I think that it disable setting link-local address that by default is enabled as noted by Thor). HTH, L.
