Recently, I was tuning events in a CSA Management Center (version 6.01.117) coming from a new RHEL5 server and I noticed something odd. Network Access Control rules that were triggering events on the RHEL box were showing IPv6 addresses in the event details even though IPv6 was not in use in this environment. Specifically, the machines initiating the network connections targeted at the RHEL box didn't even have the IPv6 protocol loaded but CSA was still sending back the event with both an IPv6 source and host address. Another odd thing was that there were existing allow rules in place that should have allowed the network traffic to go through based on IPv4 addressing but the agent appeared to ignore those allow rules.
Upon further research, I found that even though the /etc/sysconfig/network file did have the NETWORKING_IPV6=no setting in it, the module for IPv6 was still being loaded by the system. I found a more thorough way of disabling IPv6 on the Red Hat knowledgebase site. After following the instructions below and rebooting the system, my rules started functioning as normal and no more weirdness ensued.
Check out Red Hat KB Article DOC-8711 for more details. Below is an excerpt from that article.
Disabling IPv6 Support Red Hat Enterprise Linux 5
If the following line exists in the /etc/modprobe.conf file, remove it:
Add the following line to the /etc/modprobe.conf file:
In versions of Red Hat Enterprise Linux before 5.4, add the following line to the /etc/modprobe.conf file:
alias ipv6 off
In Red Hat Enterprise Linux 5.4 and later, add the following line to the /etc/modprobe.conf file:
To prevent errors during the network initscript start routine, change the NETWORKING_IPV6 parameter in the /etc/sysconfig/network file to the following:
For completeness, it is a good idea to configure the ip6tables service not to start at boot by issuing the following command:
Once both the alias net-pf-10 off and alias ipv6 off lines are present in the /etc/modprobe.conf file and NETWORKING_IPV6=no is set in the /etc/sysconfig/network file, reboot the system to disable IPv6 support.
Re-enabling IPv6 Support Red Hat Enterprise Linux 5
To re-enable IPv6 on Red Hat Enterprise Linux 5 systems, remove the following lines from the /etc/modprobe.conf file:
Set the following parameter in the /etc/sysconfig/network file:
Re-enable ip6tables by issuing the following command:
You must reboot the system to activate IPv6 support.
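To confirm the change took effect after the reboot, the following added example (not part of the original post or the Red Hat article) checks the three settings the excerpt names and whether the ipv6 module is still loaded, which was the condition behind the unexpected CSA events. The function names are hypothetical, and the RHEL 5.4-and-later modprobe line is not shown on this page, so it is not checked.

```sh
#!/bin/sh
# Added example: audit the IPv6-disable settings named in the excerpt.
# File paths are parameters so the check can run against copies of the files.

# has_line FILE LINE: succeed if FILE contains LINE as an active setting.
# Comments are stripped and runs of whitespace collapsed before comparing.
has_line() {
    [ -r "$1" ] || return 1
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' "$1" | grep -Fxq -- "$2"
}

# ipv6_module_loaded [MODULES_FILE]: succeed if the module list has ipv6.
ipv6_module_loaded() {
    awk '$1 == "ipv6" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# audit_ipv6_disabled [MODPROBE_CONF] [NETWORK_FILE] [MODULES_FILE]
# Prints one line per finding; the return status is the number of findings.
audit_ipv6_disabled() {
    modprobe_conf=${1:-/etc/modprobe.conf}
    network_file=${2:-/etc/sysconfig/network}
    modules_file=${3:-/proc/modules}
    findings=0

    for alias_line in "alias net-pf-10 off" "alias ipv6 off"; do
        if ! has_line "$modprobe_conf" "$alias_line"; then
            echo "MISSING: '$alias_line' in $modprobe_conf"
            findings=$((findings + 1))
        fi
    done

    if ! has_line "$network_file" "NETWORKING_IPV6=no"; then
        echo "MISSING: 'NETWORKING_IPV6=no' in $network_file"
        findings=$((findings + 1))
    fi

    # The setting alone is not proof: the post found the module loaded
    # even with NETWORKING_IPV6=no present.
    if ipv6_module_loaded "$modules_file"; then
        echo "LOADED: ipv6 module listed in $modules_file"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Called with no arguments, audit_ipv6_disabled reads the live files named in the excerpt and /proc/modules; a return status of 0 means all three settings are present and the module is not loaded.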