https://bugzilla.suse.com/show_bug.cgi?id=1210258 https://bugzilla.suse.com/show_bug.cgi?id=1210258#c1 Knut Alejandro Anderssen Gonz�lez <kanderssen@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aaronw@doofus.org, | |kanderssen@suse.com Flags| |needinfo?(aaronw@doofus.org | |) --- Comment #1 from Knut Alejandro Anderssen Gonz�lez <kanderssen@suse.com> --- (In reply to Aaron Williams from comment #0)

I have a setup where I have two network cards and two bridges.

br0 is connected to the first network card and br1 is connected to the second network card. I am using bridges for VMs. In my case, for br1 I do not want any IP addresses since this port is connected directly to the internet and should be accessed only by a VM. The problem I am seeing is that even though YaST has br1 configured for No Link and IP Setup (Bond Ports), it is still obtaining an IPv6 address. If I configure a port for no IPv6 then it should not attach any protocols to that port, IPv4 or IPv6.

How to recreate: 1. Configure a bridge with one network card and set it to No Link and IP Setup (Bond Ports) 2. Plug the cable into an IPv6 enabled network 3. Type ip -6 a 4. Notice that routeable IPv6 addresses get assigned.

7: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group ip -6 a ... 7: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 10:7b:44:91:3e:c9 brd ff:ff:ff:ff:ff:ff inet6 2603:3024:XXXX:XXXX:XXXX:XXXX:XXXX:37b8/64 scope global temporary dynamic valid_lft 299sec preferred_lft 299sec inet6 2603:3024:XXXX:XXXX:XXXX:XXXX:XXXX:3ec9/64 scope global dynamic mngtmpaddr valid_lft 299sec preferred_lft 299sec inet6 fe80::XXXX:XXXX:XXXX:3ec9/64 scope link valid_lft forever preferred_lft forever

/etc/sysconfig/network/ifcfg-br1 contains the following: IPADDR='0.0.0.0' MTU='0' BOOTPROTO='none' STARTMODE='auto' ZONE='external' BRIDGE='yes' BRIDGE_PORTS='eth1' BRIDGE_STP='off' BRIDGE_FORWARDDELAY='15'

I know IPv6 can be disabled via sysctl, but it should also be possible in YaST2. This can be a security issue, as it is for me.

And you can disable it in YaST using the Global Options tab and unchecking he IPv6 Protocol Settings -> Enable IPv6. Isn't it enough? -- You are receiving this mail because: You are on the CC list for the bug.