Building amd64 without IPV6 support

To: <netbsd-users%netbsd.org@localhost>
Subject: Building amd64 without IPV6 support
From: "Scott Burns" <Scott.Burns%SeQent.Com@localhost>
Date: Tue, 13 Feb 2018 17:50:19 -0500

I have completed the above task and it works on all machine except one.

On a firewall machine we have problems as it appears "ipnat" is unhappy
about the kernel not having IPV6 support.

The end result is:
	"Installing NAT rules ... 70:ioctl(SIOCGNATS) object size mismatch
for copying out ipfobj" upon starting up ipnat.

I have read about this exact error/problem on the FreeBSD platform and they
have a method of compiling the kernel with a make.conf options called:

	NOINET6="YES"
	NO_INET6="YES"
	WITHOUT_INET6="YES"

Their bug report number when someone reported the same error from ipnat was:
190964

Does NetBSD have such a compile time option?

I have already commented out:

	#options INET6
	#pseudo-device stf
	#options BRIDGE_IPF

In my config file I have:

	options 	IPFILTER_LOG	# ipmon(8) log support
	options 	IPFILTER_LOOKUP	# ippool(8) support
	options 	IPFILTER_COMPAT # Compat for IP-Filter
	#options 	IPFILTER_DEFAULT_BLOCK	# block all packets by
default
	pseudo-device	ipfilter		# IP filter (firewall) and
NAT

Hoping there is a way to do this especially with the latest SA's reporting
IPV6 vulnerabilities.

Thank you
Scott..

Follow-Ups:
- Re: Building amd64 without IPV6 support
  - From: Kamil Rytarowski

Prev by Date: NetBSD taking part in Google Summer of Code 2018
Next by Date: Re: Building amd64 without IPV6 support
Previous by Thread: NetBSD taking part in Google Summer of Code 2018
Next by Thread: Re: Building amd64 without IPV6 support
Indexes:

Home | Main Index | Thread Index | Old Index