Comment # 1
on bug 1210258
from Knut Alejandro Anderssen Gonz���lez
(In reply to Aaron Williams from comment #0)
> I have a setup where I have two network cards and two bridges.
>
> br0 is connected to the first network card and br1 is connected to the
> second network card.
> I am using bridges for VMs.
> In my case, for br1 I do not want any IP addresses since this port is
> connected directly to the internet and should be accessed only by a VM.
> The problem I am seeing is that even though YaST has br1 configured for No
> Link and IP Setup (Bond Ports), it is still obtaining an IPv6 address.
> If I configure a port for no IPv6 then it should not attach any protocols to
> that port, IPv4 or IPv6.
>
> How to recreate:
> 1. Configure a bridge with one network card and set it to No Link and IP
> Setup (Bond Ports)
> 2. Plug the cable into an IPv6 enabled network
> 3. Type ip -6 a
> 4. Notice that routeable IPv6 addresses get assigned.
>
> 7: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
> group
> ip -6 a
> ...
> 7: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
> group default qlen 1000
> link/ether 10:7b:44:91:3e:c9 brd ff:ff:ff:ff:ff:ff
> inet6 2603:3024:XXXX:XXXX:XXXX:XXXX:XXXX:37b8/64 scope global temporary
> dynamic
> valid_lft 299sec preferred_lft 299sec
> inet6 2603:3024:XXXX:XXXX:XXXX:XXXX:XXXX:3ec9/64 scope global dynamic
> mngtmpaddr
> valid_lft 299sec preferred_lft 299sec
> inet6 fe80::XXXX:XXXX:XXXX:3ec9/64 scope link
> valid_lft forever preferred_lft forever
>
> /etc/sysconfig/network/ifcfg-br1 contains the following:
> IPADDR='0.0.0.0'
> MTU='0'
> BOOTPROTO='none'
> STARTMODE='auto'
> ZONE='external'
> BRIDGE='yes'
> BRIDGE_PORTS='eth1'
> BRIDGE_STP='off'
> BRIDGE_FORWARDDELAY='15'
>
> I know IPv6 can be disabled via sysctl, but it should also be possible in
> YaST2. This can be a security issue, as it is for me.
And you can disable it in YaST using the Global Options tab and unchecking he
IPv6 Protocol Settings -> Enable IPv6. Isn't it enough?