etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Disable IPv6 in XenServer if it is enabled. The cloud support pack apparently enables IPv6 support at the moment, but wihtout proper security.

This commit is contained in:
Hugo Trippaers 2012-07-30 17:26:33 +02:00
parent 0829ee164a
commit 10e4a5ae48
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
scripts/vm/hypervisor/xenserver/setupxenserver.sh
View File

@ -23,6 +23,20 @@ usage() {
}
if [ ! -f "/etc/modprobe.d/disable-ipv6" ] ; then
# disable IPv6 until reboot
if [ -d "/proc/sys/net/ipv6/conf/all" ] ; then
/sbin/sysctl -w net.ipv6.conf.all.forwarding=0
/sbin/sysctl -w net.ipv6.conf.all.accept_ra=0
/sbin/sysctl -w net.ipv6.conf.all.accept_redirects=0
/sbin/sysctl -w net.ipv6.conf.all.autoconf=0
/sbin/sysctl -w net.ipv6.conf.all.disable_ipv6=1
fi
# reinstate the disable-ipv6 file
echo "alias ipv6 no" > /etc/modprobe.d/disable-ipv6
echo "alias net-pf-10 off" >> /etc/modprobe.d/disable-ipv6
fi
#removing iptables entry for vnc ports
iptables -D RH-Firewall-1-INPUT -p tcp -m tcp --dport 5900:6099 -j ACCEPT 2>&1