Hi Paul,
On 02/10/11 11:22, Paul de Weerd wrote:
> Hi Harald,
>
>
> What are you trying to achieve ? You mention your provider doesn't
> support IPv6 yet but want to make sure neighbour sollicitation works ?
> Why do you want to support neighbour discovery when your ISP doesn't
> do IPv6 ?
>
Sorry, I should have provided more information about the setup.
I've got 2 OpenBSD hosts building a fail-safe gateway. All internal
and external interfaces are setup with carp. There are 2 external
and 3+ internal networks. The IP providers on the external interfaces
don't support IPv6 (yet). I would like to keep my options open on the
internal subnets.
> | A simple "block quick inet6" doesn't seem appropriate,
> | and building a customized kernel without IPv6 is not
> | possible, AFAICS.
>
> If you don't use IPv6, 'block quick inet6' is quite appropriate
> (especially if building a kernel without IPV6 is your alternative).
> You may also want to block all tunneled traffic with 'block quick inet
> proto ipv6' and disable link-local addresses on your interfaces with
> `ifconfig ${INTERFACE} -inet6` (or add '-inet6' to your
> /etc/hostname.if files).
>
I missed this "-inet6" in ifconfig(8), and surely I would have
forgotten to filter "proto ipv6" to the internet.
That was very helpful. Thanx very much
Harri
