Hi, I just noticed that setting DISABLE_IPV6=Yes in the shorewall.conf does not seem to have any effect - INPUT and OUTPUT ip6tables chains still have the main target as ACCEPT:

    root@fw:/etc# ip6tables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all      anywhere             anywhere

    Chain FORWARD (policy DROP)
    target     prot opt source               destination

    Chain OUTPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all      anywhere             anywhere

This is quite irritating - especially as I am assuming that there are thousands of systems out there that rely on this option.
Am I missing something? Is there someplace else shorewall would disable ipv6?
PS: here's the documentation:

    DISABLE_IPV6=Yes
    #
    # DISABLE_IPV6=[Yes|No]
    #
    # If set to Yes or yes, IPv6 traffic to, from and through the firewall system
    # is disabled. If set to No or no, Shorewall will take no action with respect
    # to allowing or disallowing IPv6 traffic. If not specified or empty,
    # “DISABLE_IPV6=No” is assumed.
    #
    # It is important to note that changing DISABLE_IPV6=Yes to DISABLE_IPV6=No
    # does not enable IPV6. The recommended approach for enabling IPv6 on your
    # system is:
    #
    # ● Install, configure and start Shorewall6.
    #
    # ● Change DISABLE_IPV6=Yes to DISABLE_IPV6=No
    #
    # ● Restart Shorewall
    #
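An added check, not part of the original post and not Shorewall's own code: ip6tables -L without -v omits the in/out interface columns, so a rule restricted to a single interface prints as "ACCEPT all anywhere anywhere". The script below classifies ACCEPT rules from ip6tables -S output instead; the function name audit_ip6 and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# audit_ip6: read `ip6tables -S` output on stdin and print one finding per
# ACCEPT policy or ACCEPT rule, so an interface-bound rule is not mistaken
# for an accept-everything rule. (Hypothetical helper name.)
audit_ip6() {
    awk '
    # Chain policy set to ACCEPT: traffic passes when no rule matches.
    $1 == "-P" && $3 == "ACCEPT" { print "policy-accept " $2; next }
    $1 == "-A" {
        accept = 0; iface = ""; other = 0; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") { neg = 1 }
            else if ($i == "-j") { if ($(i+1) == "ACCEPT") accept = 1; i++; neg = 0 }
            else if ($i == "-i" || $i == "-o") {
                # Remember the interface; a negated match is not loopback-only.
                iface = (neg ? "!" : "") $(i+1); i++; neg = 0
            }
            else { other = 1; neg = 0 }   # any other match (-p, -s, -m ...)
        }
        if (!accept) next
        if (iface == "lo") print "loopback-only " $2
        else if (iface == "" && !other) print "unconditional-accept " $2
        else print "conditional-accept " $2
    }'
}

# Constructed sample: DROP policies plus loopback-only ACCEPT rules. Listed
# with `ip6tables -L` (no -v) these two rules show as
# "ACCEPT all anywhere anywhere".
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | audit_ip6

# On a live firewall (needs root):  ip6tables -S | audit_ip6
```

Any policy-accept or unconditional-accept line means IPv6 traffic is being let through on that chain; loopback-only lines do not.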