Hi,

I'm trying with no luck to blacklist ipv6 module.
As first attempt I've added
at the bottom of /etc/modprobe.d/blacklist.conf and it was not working(rebooted and ipv6 module still loaded). I removed then that line and used
Still no luck after a reboot and was not created.
So i tried
and after a reboot still no luck.
I'm using 3.7.1 kernel generic kernel.
Suggestions ?

Yes, blacklisting doesn't work any more, depending on how the particular module is loaded.

This is the way I am doing it::
There's also a "disable_ipv6=1" option you can use instead which does a slightly different thing, but I use the one above which means it can't be reenabled without rebooting, which is either good or bad depending on your point of view.

See /usr/src/linux/Documentation/networking/ipv6.txt for details.

4 members found this post helpful.

Thanks, this solved the issue.
I just wonder if this is the excpeted behavior.
Reading the manual:
This doesn't give a clue on how blacklist should behave with a module like ipv6 just "all aliases are disbled". I'm starting to think that blacklist is a false friend, it should be something like remove-all-alias and we miss a way to prevent the loading of a module.
Am I wrong?

Blacklisting a module is not the correct way to disable a network protocol. It never was.

Add ipv6.disable_ipv6=1 to the kernel command line to disable IPv6.

3 members found this post helpful.

Yes, correct way to do that is "find /lib/modules/$(uname -r) -name ipv6.ko |xargs rm -f" :sarcasm-icon:
Where does original poster stated he want "to disable a network protocol"? None of his words here explicitly mentioned any "network" "protocol". I see prevention of module load question only.

The following in /etc/modprobe.d/aliases.conf seems to work:

alias net-pf-10 off # INET6, IPv6 Protocol

He mentioned a network protocol directly in the title.

jtsn, "He mentioned a network protocol directly in the title" whose name accidentally matches module name. He mentioned "ipv6 module" explicitly (see "module" word?) in message, and never mentioned word "protocol" neither "network". Conclusion: he wants to disable loading of module named "ipv6". If it is to hard to you to ignore coincidence of names, just replace name "ipv6" with other, for instance "battery", and then try to solve problem.

This logical conclusion was made judging of question text. I understand, probably OP jsut wishes to disable IPv6 protocol... but question is still open: how to disable load "ipv6.ko" kernel module. I interested in this kind of solution.

I don't accept jstn's position, but, you guys are just arguing semantics:
If someone gets on a bus, then they are getting on it because they want to go to somewhere along it's route, not because they want to get on a bus (Well, unless they are a little odd).

If one does not need ipv6 functionality then I see nothing wrong with disabling the loading of the ipv6 module that provides it. Clearly, as this thread demonstrates, blacklisting a module from loading isn't as straight forward as it once was because not everything respects the blacklist any more, but that is a separate issue.

If disabling the loading of the module now requires one to alter module alias definitions then IMO that is getting a little too ugly and is best avoided. That doesn't mean I agree that blacklisting the module is wrong in and of itself, merely inconvenient or impractical.

Breaking IPv6 is a side-effect of blacklisting the ipv6 module. The side-effect only occurs under special circumstances. It never happens, if you boot a kernel, which has IPv6 compiled in or the initrd loads ipv6.ko.

Disabling IPv6 intentionally via the kernel command line always works and doesn't depend on side-effects.

2 members found this post helpful.

I guess where we differ is that I don't see disabling the module as 'breaking' anything. If the module is not loaded then the code within it that provides ipv6 functionality is not part of the kernel, and there is nothing to "break" or disable. Yes, this solution is specific to a system that has ipv6 configured as a module, but that is the case with the slackware generic kernel.

I think we're in agreement on the best approach to take, even if not on some of the background behind wshhy, so I'll leave it at that.

Disabling ipv6 via kernel command line has the side effect of loading a kernel module for no reason.
It's like to load a driver for a device that you don't have

The code is still part of the kernel, it's just residing in its own kernel object file.

If you want a kernel without IPv6 you have to explicitly build one with CONFIG_IPV6=N.

Please understand what monolithic kernels are and how they work.

You're erroneously patronizing. Modules not currently loaded exist as object files but do not exist 'in the kernel' at run-time (ie. they are not loaded into RAM and are not currently functional). The generic kernel has tons of modules that do not normally get loaded -- they are only relevant at run-time if they actually get loaded. Being a monolithic kernel means that the modules, despite existing as standalone parts, still have the capability of evoking a kernel oops that brings the whole damn machine down -- but if the module is not loaded...then obviously nothing is going to happen in regards to that module. You're arguing over semantics in an attempt to prove your correctness but in previous kernels blacklisting certain modules prevented them from being loaded and thus prevented their activity from being used. In today's kernel blacklisting ipv6 does exactly nothing but in general blacklisting a module is not 'improper' and will not 'break' anything.

I have treated you with respect during this discussion despite taking issue with some of your points.
Kindly do me the same courtesy. Even if I were wrong, which I'm not, that tone is unwarranted.

1 members found this post helpful.