gentoo/Shorewall/DISABLE_IPV6

Something I just stumbled upon. I was configuring Shorewall 4, and there’s a flag called DISABLE_IPV6 in shorewall.conf. Oh yeah, I thought, that makes sense – I don’t use IPV6, so I’ll set that to Yes. Did so, and when I ran Shorewall it showed me lots of error messages like this:

FATAL: Module ip6_tables not found.
ip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

Well, I don’t have ip6_tables compiled, which is just the reason I liked that flag when I saw it. Read the source, and I found that the flag doesn’t mean "don’t use IPV6", but rather it means "use ip6tables to take some special action to disable IPV6". Well.

I searched for the piece of documentation I was missing (because I wasn’t assuming there’d be anything to misinterpret about the meaning of that flag), but I still can’t find anything… apart from this forum post where somebody states "… this is because in a perversely twisted form of logic the configuration file requires you to have IPV6 support to be able to disable it …" Well put.
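
A preflight check for the situation described above, as an added example that is not part of the original post: it reads DISABLE_IPV6 from a shorewall.conf-style file and reports a conflict when the flag is Yes but ip6_tables is neither registered with the kernel nor loadable as a module. The function names, the MODPROBE override and the case-insensitive match on Yes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): preflight check for DISABLE_IPV6.

# Print the last DISABLE_IPV6 value assigned in a shorewall.conf-style file,
# lowercased and without quotes; prints nothing if the flag is not set.
get_disable_ipv6() {
    sed -n 's/^[[:space:]]*DISABLE_IPV6=\([^#[:space:]]*\).*/\1/p' "$1" |
        tr -d "\"'" | tr 'A-Z' 'a-z' | tail -n 1
}

# Succeed if ip6_tables is usable: already registered with the kernel
# (proc file exists) or loadable as a module (modprobe dry run).
# $1 and $MODPROBE are overrides added for this example so it can be tested.
have_ip6_tables() {
    [ -e "${1:-/proc/net/ip6_tables_names}" ] && return 0
    "${MODPROBE:-modprobe}" -n ip6_tables >/dev/null 2>&1
}

# check_disable_ipv6 CONF [PROC_FILE]: return 1 on the conflict from the post.
check_disable_ipv6() {
    if [ "$(get_disable_ipv6 "$1")" != yes ]; then
        echo "ok: DISABLE_IPV6 is not set to Yes"
    elif have_ip6_tables "$2"; then
        echo "ok: DISABLE_IPV6=Yes and ip6_tables is available"
    else
        echo "conflict: DISABLE_IPV6=Yes needs ip6tables, but ip6_tables is missing"
        return 1
    fi
}

# Constructed sample input: the flag enabled on a host without ip6_tables.
demo() {
    conf=$(mktemp)
    printf '%s\n' '# constructed sample' 'DISABLE_IPV6=No' 'DISABLE_IPV6="Yes"  # off' >"$conf"
    MODPROBE=false check_disable_ipv6 "$conf" /nonexistent/ip6_tables_names
    status=$?
    rm -f "$conf"
    return "$status"
}
demo || true
```

On a real host, call `check_disable_ipv6` with the path to your shorewall.conf and no second argument before starting Shorewall.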
