[ovirt-users] selectively disabling IPv6 on bridges

Rik Theys Rik.Theys at esat.kuleuven.be
Wed May 6 07:28:30 EDT 2015


Hi,

I'm looking for a way to selectively disable IPv6 on the bridge 
interfaces on the oVirt hosts.

When oVirt creates the bridges for all logical networks on the host, it 
keeps the default settings for IPv6 which means all bridges get a 
link-local address and accept router advertisements.

When a VM is created on the logical network, it can now reach the host 
over IPv6 (but not over IPv4 if no IP address has been assigned on the 
host). If it sends out a router advertisement it can even create a 
global IPv6 address (haven't tested this).

How can I prevent this?

I would like to prevent the guest from IPv6 access to the host but the 
guest itself still needs IPv6 access (global IPv6 addresses).

Is it sufficient to create a sysctl config file that says:

net.ipv6.conf.default.disable_ipv6 = 1

?

Regards,

Rik


-- 
Rik Theys
System Engineer
KU Leuven - Dept. Elektrotechniek (ESAT)
Kasteelpark Arenberg 10 bus 2440  - B-3001 Leuven-Heverlee
+32(0)16/32.11.07
----------------------------------------------------------------
<<Any errors in spelling, tact or fact are transmission errors>>


More information about the Users mailing list