# Disable IPv6 on one interface?



## dieselnutjob (Jun 9, 2011)

Hi,

I got IPv6 networking working this morning.  I am using sixxs as a tunnel broker. My FreeBSD firewall has a public interface which is on a shared media access (cable internet).  I don't want other people to see the IPv6 stack on my public interface, but I can't seem to switch it off.

In /etc/rc.conf I have tried

```
ipv6_network_interfaces="gif0 lo0"
```
and I have tried

```
ifconfig_vr0="DHCP"
ipv6_ifconfig_vr0="NOAUTO"
```
but my vr0 public interface still has IPv6 address

```
inet6 fe80::200:24ff:fecc:91c0%vr0 prefixlen 64 scopeid 0x1
```

How do I disable it whilst still allowing IPv6 on the gif0 interface and others?


----------



## SirDice (Jun 10, 2011)

The fe80:: address is a non-routable link-local address. Which means nobody on the internet can connect to it.


----------



## dieselnutjob (Jun 10, 2011)

Am I right in thinking that anyone on the same local network as me could send packets to that interface though?  This would include hundreds of other users, some of whom might have been compromised, part or a botnet etc. My Internet connection is a shared access medium, not a point to point link like most ADSL lines.


----------



## SirDice (Jun 10, 2011)

dieselnutjob said:
			
		

> Am I right in thinking that anyone on the same local network as me could send packets to that interface though?


That's correct.



> This would include hundreds of other users, some of whom might have been compromised, part or a botnet etc.
> My Internet connection is a shared access medium, not a point to point link like most ADSL lines.


That's why firewalls were invented :e


----------

