On Tuesday, September 27, 2016 at 7:27:43 PM UTC-4, raah...@gmail.com wrote: > On Tuesday, September 27, 2016 at 5:38:59 PM UTC-4, Unman wrote: > > On Tue, Sep 27, 2016 at 12:41:12PM -0700, raahe...@gmail.com wrote: > > > On Sunday, September 25, 2016 at 9:46:13 AM UTC-4, nishi...@gmail.com > > > wrote: > > > > Hello, > > > > > > > > I am surprised that there is no way to disable ipv6 on Debian template. > > > > > > > > I reinstalled first the template using documentation > > > > https://www.qubes-os.org/doc/reinstall-template/ > > > > > > > > Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in /etc/sysctl.conf, > > > > I did reboot the Template but it didn't change the outcome, I still had > > > > ipv6 ports opened using "netstat -antp" > > > > > > > > I even added "sudo ip6tables -P INPUT DROP" in "/rw/config/rc.local", > > > > but I still got those distant servers listening when I check using > > > > commands like "sudo lsof -i6" or "netstat -antp" on my Debian Template. > > > > > > > > What is rpcbind, avahi-dae and why you got this ipv6 bound to systemd > > > > on PID 1 ? Looks suspicious, I thought Ipv6 was disabled by default on > > > > Qubes. > > > > > > > > Regards > > > > > > You have to change kernel parameters a diff way I believe. try this > > > method from whonix instructions. > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > to list the parameters use qvm-prefs -l debian-8 kernelopts > > > > > > To change them do qvm-prefs -s debian-8 kernelopts "nopat ipv6.disable=1" > > > > > > Then restart template and vms. > > > > > > > As I pointed out, changing parameters in the template will not affect the > > VMs. > > You need to change the option individually for each qube where you want > > to disable IP6. > > > > unman > > I pointed out how to change the parameters. You do the command from dom0 for > the template you want ipv6 disabled. Basically The same method whonix > instructs on how to install apparmor on debian template. This is how I > disable ipv6.
you can verify this from a terminal in one of the proxies or vms based on that template with lsof or netstat and see no more ipv6 connections. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13ed43ba-4151-4b52-9d25-3d4fff210b63%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
