# IPV6 disable - make it easy



## alexei (Sep 22, 2012)

For several reasons I want to keep my home network free of IPV6.
Unfortunately I found disabling IPV6 requires rather time-consuming and laborous procedure:
http://forums.freebsd.org/showthread.php?t=4008
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
Additional hassle is that it seems I have to repeat it after each upgrade.

It would be nice if developers could provide a script that would perform complete procedure of removing IPV6 at once, or just supply IPV6-free setup as an option.

Ideally, disabling IPV6 should be a runtime option and not require recompilation. There are many concerns with IPV6. For example, see
http://www.zdnet.com/security-versus-privacy-with-ipv6-deployment-7000001955/


----------



## gkontos (Sep 22, 2012)

alexei said:
			
		

> Ideally, disabling IPV6 should be a runtime option and not require recompilation. There are many concerns with IPV6. For example, see
> http://www.zdnet.com/security-versus-privacy-with-ipv6-deployment-7000001955/



This article is a bunch of crap. It mentions privacy issues in regards to network layer when it completely forgets to mention that a user can and is being monitored constantly by anyone who wants to in the application level. The minute you start surfing the net with IPv4, your searches, hits, habits and interests are stored in databases.

IPv6 is a much more secure implementation of the IP protocol. If you don't want to use IPv6 you don't have to. You don't have to recompile your kernel. You can't get internet access with link-local addresses only.


----------



## kpa (Sep 22, 2012)

Seconded. IPv6 does not expose you anymore on the net than IPv4, quite the opposite really. As gkontos says above you can't connect to IPv6 net with just link-local addresses because they are non-routable by definition, you need a proper IPv6 connection to be able to connect or be connected to with IPv6.

If you don't want IPv6 enabled on your FreeBSD machine it's very simple. Don't enable any IPv6 options in /etc/rc.conf, make sure all of the network interfaces are marked as IFDISABLED for IPv6 in ifconfig(8) output (with the exception of lo0). That's about it.


----------

