From 10e4a5ae4847ec7052d620b96f3fcd2263207c8e Mon Sep 17 00:00:00 2001
From: Hugo Trippaers
Date: Mon, 30 Jul 2012 17:26:33 +0200
Subject: [PATCH] Disable IPv6 in XenServer if it is enabled. The cloud support pack apparently enables IPv6 support at the moment, but wihtout proper security.
---
 scripts/vm/hypervisor/xenserver/setupxenserver.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/scripts/vm/hypervisor/xenserver/setupxenserver.sh b/scripts/vm/hypervisor/xenserver/setupxenserver.sh
index d3ade09c757..57456b3926c 100755
--- a/scripts/vm/hypervisor/xenserver/setupxenserver.sh
+++ b/scripts/vm/hypervisor/xenserver/setupxenserver.sh
@@ -23,6 +23,20 @@ usage() {
 }
+if [ ! -f "/etc/modprobe.d/disable-ipv6" ] ; then
+ # disable IPv6 until reboot
+ if [ -d "/proc/sys/net/ipv6/conf/all" ] ; then
+ /sbin/sysctl -w net.ipv6.conf.all.forwarding=0
+ /sbin/sysctl -w net.ipv6.conf.all.accept_ra=0
+ /sbin/sysctl -w net.ipv6.conf.all.accept_redirects=0
+ /sbin/sysctl -w net.ipv6.conf.all.autoconf=0
+ /sbin/sysctl -w net.ipv6.conf.all.disable_ipv6=1
+ fi
+
+ # reinstate the disable-ipv6 file
+ echo "alias ipv6 no" > /etc/modprobe.d/disable-ipv6
+ echo "alias net-pf-10 off" >> /etc/modprobe.d/disable-ipv6
+fi
 #removing iptables entry for vnc ports
 iptables -D RH-Firewall-1-INPUT -p tcp -m tcp --dport 5900:6099 -j ACCEPT 2>&1
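Review bot: The marker file `/etc/modprobe.d/disable-ipv6` is written even when the `sysctl -w` calls above it fail, and none of their exit statuses is checked. Because the outer `if` keys only on that file's existence, a later run skips the whole block, so a host where the runtime disable failed keeps IPv6 active until the next reboot with nothing logged. Consider checking the last write, for example `/sbin/sysctl -w net.ipv6.conf.all.disable_ipv6=1 || echo "could not disable IPv6 at runtime" >&2`, or reading back `/proc/sys/net/ipv6/conf/all/disable_ipv6` before writing the file. The post-reboot state depends on the two `alias` lines alone, which presumably only take effect where ipv6 is a loadable module; a comment saying so would help.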