On Tue, Sep 27, 2016 at 12:41:12PM -0700, raahe...@gmail.com wrote: > On Sunday, September 25, 2016 at 9:46:13 AM UTC-4, nishi...@gmail.com wrote: > > Hello, > > > > I am surprised that there is no way to disable ipv6 on Debian template. > > > > I reinstalled first the template using documentation > > https://www.qubes-os.org/doc/reinstall-template/ > > > > Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in /etc/sysctl.conf, I > > did reboot the Template but it didn't change the outcome, I still had ipv6 > > ports opened using "netstat -antp" > > > > I even added "sudo ip6tables -P INPUT DROP" in "/rw/config/rc.local", but I > > still got those distant servers listening when I check using commands like > > "sudo lsof -i6" or "netstat -antp" on my Debian Template. > > > > What is rpcbind, avahi-dae and why you got this ipv6 bound to systemd on > > PID 1 ? Looks suspicious, I thought Ipv6 was disabled by default on Qubes. > > > > Regards > > You have to change kernel parameters a diff way I believe. try this method > from whonix instructions. https://www.whonix.org/wiki/Qubes/Install > > to list the parameters use qvm-prefs -l debian-8 kernelopts > > To change them do qvm-prefs -s debian-8 kernelopts "nopat ipv6.disable=1" > > Then restart template and vms. >
As I pointed out, changing parameters in the template will not affect the VMs. You need to change the option individually for each qube where you want to disable IP6. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160927213857.GA5446%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
