Re: turning off ipv6 on lo0

On 9 May 2023 3:52:44 am AEST, Gary Aitken <freebsd@dreamchaser.org> wrote:
 > Can't seem to figure out how to completely disable ipv6 in
 > 12.4-RELEASE.
 > Tried everything I've found in searches, I think.
 > 
 > rc.conf:
 > 
 > ip6addrctl_enable="NO"
 > ip6addrctl_prefer_ipv4="YES"
 > ip6addrctl_prefer_ipv6="NO"
 > ipv6_activate_all_interfaces="NO"
 > # neither of the 2 lines below have any effect;
 > # nor does the absence of them
 > # lo0 always has ipv6 configured
 > #ipv6_network_interfaces="none"
 > #ipv6_network_interfaces=""

Yes.

 > An ifconfig shows no ipv6 on any interfaces except lo0:
 > 
 > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
 >       options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
 >          inet6 ::1 prefixlen 128
 >          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
 >          inet 127.0.0.1 netmask 0xff000000
 >          groups: lo
 >          nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
 > 
 > So how do I get rid of it on lo0?

See /etc/network.subr ... unless you go drastic and omit ipv6 from kernel as Tim suggested, lo0 will have address ::1.

 > Should I care?

No need to.  localhost doesn't transact with other than localhost anyway AFAIK, and even if tried - as you mentioned running ipfw - rc.firewall initialisation runs:

setup_loopback() {
	############
	# Only in rare cases do you want to change these rules
	#
	${fwcmd} add 100 pass all from any to any via lo0
	${fwcmd} add 200 deny all from any to 127.0.0.0/8
	${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
	if [ $ipv6_available -eq 0 ]; then
		${fwcmd} add 400 deny all from any to ::1
		${fwcmd} add 500 deny all from ::1 to any
	fi
}

where ipv6_available is 0 when "afexists inet6", ie in kernel (/etc/network.subr)

cheers, Ian