"lo: Disabled Privacy Extensions" and ipv6 disabling?

10.04 networking ipv6 vsftpd

10,225

Solution 1

Disbale IPv6 in Ubuntu

Method 1

gksudo gedit  /etc/modprobe.d/aliases

Find the line: alias net-pf-10 ipv6 change to alias net-pf-10 off

If the above change is not working you need to change the following one alias net-pf-10 off ipv6

Method 2

Edit /etc/default/grub file

gksudo gedit  /etc/default/grub

Change

GRUB_CMDLINE_LINUX_DEFAULT=”quiet splash”

GRUB_CMDLINE_LINUX_DEFAULT=”ipv6.disable=1 quiet splash”

Save and exit the file

Update the grub from the command line

sudo update-grub

Keep me informed.

Regards,

Ilias el Matani

Solution 2

On an openSUSE 11.2 box that has a much newer kernel than original, I was getting this message too.

The use_tempaddr setting above is already -1 so that is no fix.

However elsewhere several people have said that shutting off vsftpd stops their messages.

And, as an LXC user I happen to be aware of an unusual thing vsftpd does with the namespaces support in newer kernels which causes a problem when vsftpd is used within an LXC container.

It turns out merely disabling that namespace-based isolation feature in vsftpd is enough to halt the messages at least for me.

Add the following to /etc/vsftpd.conf:

isolate=NO
isolate_network=NO

Then restart vsftpd.

ipv6 and vsftpd are both still enabled yet no more privacy extension messages.

Solution 3

ipv6 support appears to be built-in in the latest ubuntu kernels, so you can't blacklist the module.

To disable ipv6 you need to do sysctl -p /etc/sysctl.conf before the changes in that file are used. (assuming you didn't reboot your computer, in which case the changes should be active already).

But why do you want to disable ipv6? The log messages wont harm your computer.

Oh, and if you want to disable only the privacy extensions part of ipv6 (which you probably wont need on a server anyway), put the key net.ipv6.conf.all.use_tempaddr = 0 in /etc/sysctl.conf

Solution 4

As answered by Brian K. White, I just reconfigured /etc/vsftpd.conf with the undocumented isolate_network=NO and it did the trick. One minor difference about his answer is, that I didn't had to set isolate=NO.

This configuration variable reverts vsftpd to use fork(). Otherwise it would use clone() with CLONE_NEWNET parameter. This would put the process accessing the files into a separate networking environment that cannot access any network. (I have found this information on another answer on ServerFault)

I followed this path, because I saw those log messages appear after I've setup vsftpd.

View more solutions

10,225

Smartkid

Updated on September 17, 2022

Comments

Smartkid over 1 year
There are lots of "lo: Disabled Privacy Extensions" in var/log/messages . I googled and find it is ipv6 releated, so I tried to disable ipv6.

I added the following lines to /etc/sysctl.conf
```
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
```
and blacklist ipv6 to /etc/modprobe.d/blacklist.conf

after that, I restarted the network by /etc/init.d/networking restart .

My question is: The ip addr still shows inet6 address attached to eth0 in forms like inet6 fe80::212:79ff:fecf:edaf/64 scope link

Does it means my ipv6 not disabled?
- Anders over 8 years
  
  Don't disable IPv6. If you don't have a IPv6 router in your LAN, your machine will not use that. But if you really want to disable IPv6, you just need to remove the 'ipv6' module. But you shouldn't do that. And no, if you see a link local address, like fe80::/10, you have IPv6 support in your machine.
Smartkid over 13 years

I want to disable ipv6 because: 1) too many "lo: Disabled Privacy Extensions" in the log, and 2) my web site can run with ipv4 so why should I enable ipv6 ? :-)
Carsten Thiel over 13 years

@Smartkid: Well, there is this exhaustion thing: APNIC
Smartkid over 13 years

sudo remod ipv6 returns : ERROR: Module ipv6 does not exist in /proc/modules but inet6 address is still displayed in the result of the ip addr command
petergil over 13 years

@Smartkid doh! it appears that ipv6 is built into the kernel now. But doing the sysctl thing should disable it. Not that you seem to have a good reason for doing it. Your website will need to support ipv6 eventually if you plan on keeping it around, and it doesn't cost you anything if you have it enabled.
belacqua over 13 years

@peter It seems valid to be concerned about running a separate ipv6 stack when you're not using it. There is the potential for unintended configuration, vulnerabilities, and bugs. And after all, he could re-enable ipv6 just by reversing the config changes.
petergil over 13 years

ah, that's true. I guess I'm spoiled since I have an ISP that actually supports ipv6. It really is quite practical.
Joschua about 13 years

It's better to enable the privacy extension (if you're using it), because when they're disabled, you are identifiable just by your IP-address!
Anders over 8 years

No, to disable IPv6, you need should do like @Ilisa does in the other answer. And to see if you have IPv6 support, just run ip -6 add and see if you have any link local addresses.