Skip to content

Commit 10e4a5a

Browse files
committed
Disable IPv6 in XenServer if it is enabled. The cloud support pack apparently enables IPv6 support at the moment, but wihtout proper security.
1 parent 0829ee1 commit 10e4a5a

1 file changed

Lines changed: 14 additions & 0 deletions

File tree

scripts/vm/hypervisor/xenserver/setupxenserver.sh

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,20 @@ usage() {
2323

2424
}
2525

26+
if [ ! -f "/etc/modprobe.d/disable-ipv6" ] ; then
27+
# disable IPv6 until reboot
28+
if [ -d "/proc/sys/net/ipv6/conf/all" ] ; then
29+
/sbin/sysctl -w net.ipv6.conf.all.forwarding=0
30+
/sbin/sysctl -w net.ipv6.conf.all.accept_ra=0
31+
/sbin/sysctl -w net.ipv6.conf.all.accept_redirects=0
32+
/sbin/sysctl -w net.ipv6.conf.all.autoconf=0
33+
/sbin/sysctl -w net.ipv6.conf.all.disable_ipv6=1
34+
fi
35+
36+
# reinstate the disable-ipv6 file
37+
echo "alias ipv6 no" > /etc/modprobe.d/disable-ipv6
38+
echo "alias net-pf-10 off" >> /etc/modprobe.d/disable-ipv6
39+
fi
2640

2741
#removing iptables entry for vnc ports
2842
iptables -D RH-Firewall-1-INPUT -p tcp -m tcp --dport 5900:6099 -j ACCEPT 2>&1

0 commit comments

Comments
 (0)