Hi,

On 05/06/2015 02:53 PM, Dan Kenigsberg wrote:
> On Wed, May 06, 2015 at 01:28:30PM +0200, Rik Theys wrote:
>> I'm looking for a way to selectively disable IPv6 on the bridge interfaces
>> on the oVirt hosts.
>>
>> When oVirt creates the bridges for all logical networks on the host, it
>> keeps the default settings for IPv6 which means all bridges get a link-local
>> address and accept router advertisements.
>>
>> When a VM is created on the logical network, it can now reach the host over
>> IPv6 (but not over IPv4 if no IP address has been assigned on the host). If
>> it sends out a router advertisement it can even create a global IPv6 address
>> (haven't tested this).
>>
>> How can I prevent this?
>>
>> I would like to prevent the guest from IPv6 access to the host but the guest
>> itself still needs IPv6 access (global IPv6 addresses).
>>
>> Is it sufficient to create a sysctl config file that says:
>>
>> net.ipv6.conf.default.disable_ipv6 = 1
>
> Yes, I believe that this would do the trick. For any newly-created
> device on the system, regardless of ovirt bridges.
>
> I now see that el7 has changed the default for IPV6INIT to "yes". We
> should be more prudent and set IPV6INIT=no on all our devices.
>
> Would you open a bug about this, so it is tracked?

I've opened bug 1219363 for this.

Regards,

Rik


--
Rik Theys
System Engineer
KU Leuven - Dept. Elektrotechniek (ESAT)
Kasteelpark Arenberg 10 bus 2440  - B-3001 Leuven-Heverlee
+32(0)16/32.11.07
----------------------------------------------------------------
<<Any errors in spelling, tact or fact are transmission errors>>
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
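
An added example, not part of the original thread: a host-side check that lists interfaces which still have IPv6 enabled. The `default` sysctl is only copied to a device when the device is created, so a bridge that existed before the setting was applied keeps its old value. The interface names and values in the sample tree are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Audit per-interface IPv6 state as exposed under /proc/sys/net/ipv6/conf.
# The root directory is a parameter so the check can be run against the
# constructed tree below as well as against a real host.

ipv6_enabled_ifaces() {
    conf_root="${1:-/proc/sys/net/ipv6/conf}"
    for dir in "$conf_root"/*/; do
        [ -r "${dir}disable_ipv6" ] || continue
        iface=$(basename "$dir")
        # "all" is a global switch, not a device; skip it.
        [ "$iface" = "all" ] && continue
        disabled=$(cat "${dir}disable_ipv6")
        if [ "$disabled" = "0" ]; then
            # IPv6 is on: report whether router advertisements are accepted.
            ra=$(cat "${dir}accept_ra" 2>/dev/null || echo "?")
            echo "$iface accept_ra=$ra"
        fi
    done
}

# Constructed sample: default.disable_ipv6=1 was set after the "ovirtmgmt"
# bridge already existed; "vmnet" was created later and inherited the default.
# Each entry is: <interface> <disable_ipv6> <accept_ra>
make_sample_tree() {
    root=$(mktemp -d)
    for entry in "all 0 1" "default 1 1" "ovirtmgmt 0 1" "vmnet 1 1"; do
        set -- $entry
        mkdir -p "$root/$1"
        echo "$2" > "$root/$1/disable_ipv6"
        echo "$3" > "$root/$1/accept_ra"
    done
    echo "$root"
}

sample=$(make_sample_tree)
ipv6_enabled_ifaces "$sample"
rm -rf "$sample"
```

Called without an argument on a host, `ipv6_enabled_ifaces` reads the live values; any bridge it prints still has a link-local address reachable from guests on that network.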