gentoo/Shorewall/DISABLE_IPV6

Something I just stumbled upon. I was configuring Shorewall 4, and there’s a flag called DISABLE_IPV6 in shorewall.conf. Oh yeah, I thought, that makes sense – I don’t yes IPV6, so I’ll set that to Yes. Did so, and when I ran Shorewall it showed my lots of error messages like this:

FATAL: Module ip6_tables not found.
ip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

Well, I don’t have ip6_tables compiled, which is just the reason I liked that flag when I saw it. Read the source, and I found that the flag doesn’t mean “don’t use IPV6”, but rather it means “use ip6tables to take some special action to disable IPV6”. Well. I searched for the piece of documentation I was missing (because I wasn’t assuming there’d be anything to misinterpret about the meaning of that flag), but I still can’t find anything… apart from this forum post where somebody states “… this is because in a perversely twisted form of logic the configuration file requires you to have IPV6 support to be able to disable it …”

Well put.

Sorry, this blog does not support comments.

I used various blog hosting services since this blog was established in 2005, but unfortunately they turned out to be unreliable in the long term and comment threads were lost in unavoidable transitions. At this time I don't want to enable third-party services for comments since it has become obvious in recent years that these providers invariably monetize information about their visitors and users.

Please use the links in the page footer to get in touch with me. I'm available for conversations on Keybase, Matrix, Mastodon or Twitter, as well as via email.