toggle_ipv6 script not functioning as expected

[wlmckeon]

The toggle_ipv6 script doesn't seem to toggle the ipv6. I think that this is due to the "install ipv6 /bin/false" in the blacklist (placed by misc/blacklist.sh) not being commented out and preventing the ipv6 kernel module from being loaded.

Also, may want to add a section like this for enabling ipv6:
grep -q IPV6FORWARDING /etc/sysconfig/network
if [ $? -ne 0 ]; then
echo "IPV6FORWARDING=yes" >> /etc/sysconfig/network
else
sed -i "/IPV6FORWARDING/s/no/yes/" /etc/sysconfig/network
fi

and do the reverse with disabling ipv6. This prevents the error message "Global IPv6 forwarding is disabled in configuration, but not currently disabled in kernel" from being displayed when restarting the network.

[wlmckeon]

Looking at the Version 1 Revision 8 of the RHEL6 STIG, it looks like that it's not necessary to prevent the kernel module from loading. An easier fix may be just to modify blacklist.sh by removing the line "install ipv6 /bin/false" and just depend on "options ipv6 disable=1" to prevent IPv6 from binding to the network stack.

[fcaviggia]

I'll take a look at it. I'm still all for disabling something if it's not being used.