Something I just stumbled upon. I was configuring Shorewall 4, and there’s a flag called DISABLE_IPV6 in shorewall.conf. Oh yeah, I thought, that makes sense – I don’t use IPV6, so I’ll set that to Yes. Did so, and when I ran Shorewall it showed me lots of error messages like this:

FATAL: Module ip6_tables not found.
ip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

Well, I don’t have ip6_tables compiled, which is just the reason I liked that flag when I saw it. Read the source, and I found that the flag doesn’t mean "don’t use IPV6", but rather it means "use ip6tables to take some special action to disable IPV6". Well.

I searched for the piece of documentation I was missing (because I wasn’t assuming there’d be anything to misinterpret about the meaning of that flag), but I still can’t find anything… apart from this forum post where somebody states "… this is because in a perversely twisted form of logic the configuration file requires you to have IPV6 support to be able to disable it …" Well put.
