Beta Branch update fix for checkipvsix function + add DISABLE_IPVSIX variable

Discussion in 'Centmin Mod Github Commits' started by eva2000, May 24, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    update fix for checkipvsix function + add DISABLE_IPVSIX variable

    In 123.09beta01, the checkipvsix function in /inc/cpcheck.inc was used to detect if the system had IPv6 support to enable CSF Firewall's IPV6 option. But the check for IPv6 was not completely correct as it only checked for NETWORKING_IPV6=yes in /etc/sysconfig/network. If end users followed the official guide to disable IPv6 at https://wiki.centos.org/FAQ/CentOS7#head-8984faf811faccca74c7bcdd74de7467f2fcd8ee, then NETWORKING_IPV6=yes in /etc/sysconfig/network would still exist but IPv6 would in fact have been disabled, so the check would have incorrectly enabled the IPV6 option in /etc/csf/csf.conf. This committed update fixes the IPv6 detection to include detecting for:

    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1

    If both = 1, then IPv6 is also considered disabled so IPV6 = '0' set in /etc/csf/csf.conf.

    Additionally, added new override variable DISABLE_IPVSIX='n' which is default which lets IPv6 work if it exists. You can set DISABLE_IPVSIX='y' in persistent config file at /etc/centminmod/custom_config.inc as outlined on official site at http://centminmod.com/upgrade.html#persistent to override defaults to disable system IPv6 support.

    So setting DISABLE_IPVSIX='y', will set

    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1

    and

    IPV6 = '0' set in /etc/csf/csf.conf

    Setting DISABLE_IPVSIX='n' which is default already, will set

    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0

    and

    IPV6 = '1' set in /etc/csf/csf.conf

    For existing users, updating Centmin Mod 123.09beta01 via centmin.sh menu option 23 submenu option 2, then exiting centmin.sh and re-running centmin.sh will trigger checkipvsix function to auto sync the committed changes.


    123.09beta01 branch
     
  2. eva2000

    FYI, users using Linux Kernel 4.x i.e. Linode might run into these errors on running centmin.sh - looking into it but there's no harm :)

    Code (Text):
    sysctl -a | awk '/net.ipv6.conf.all.disable_ipv6/ {print $NF}'
    error: "Input/output error" reading key "net.ipv6.conf.all.stable_secret"
    0
    error: "Input/output error" reading key "net.ipv6.conf.default.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.dummy0.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.eth0.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.gre0.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.gre1.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.gretap0.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.ip6_vti0.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.ip6gre0.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.ip6tnl0.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.ip_vti0.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.lo.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.sit0.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.teql0.stable_secret"
    error: "Input/output error" reading key "net.ipv6.conf.tunl0.stable_secret"
    


    edit: fixed https://community.centminmod.com/threads/fix-checkipvsix-function-for-linux-kernel-4-x.11779/
     
    Last edited: May 24, 2017
  3. RoldanLT

    RoldanLT Well-Known Member

    Mine has:
    Is that fine?
     
  4. RoldanLT

    I already have:
    On /etc/sysctl.d/101-sysctl.conf

    Is it fine?
     
  5. eva2000

    If you have that to disable IPv6 then IPV6="0" in csf.conf is correct result. The routine for you would just duplicate
    Code (Text):
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    

    in both /etc/sysctl.d/101-sysctl.conf and /etc/sysctl.conf right now which would end up with same result = IPv6 disabled system wide. If that is the case, you can remove the duplicates in /etc/sysctl.d/101-sysctl.conf
     
    Last edited: May 25, 2017
  6. RoldanLT

    What I mean here is, is there any difference with double and single quotes?
    IPV6 = "0" vs IPV6 = '0'.
     
  7. eva2000

    shouldn't be but use double quotes as that is the pattern used for csf.conf

    my routine will work for both single and double quoted IPV6 variable in /etc/csf/csf.conf
     
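
The detection discussed in this thread, as an added shell example that is not Centmin Mod's own code: it reads the two `disable_ipv6` flags directly from procfs instead of parsing `sysctl -a` (so the `stable_secret` keys from the second post are never read), applies the `DISABLE_IPVSIX` override from the first post, and rewrites the `IPV6` line whether it is single or double quoted, as raised in the last posts. The function names, the root-prefix argument and the fixture files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not Centmin Mod code. Root prefix and function names are hypothetical.

# Read one disable_ipv6 flag directly from procfs, so no other key
# (e.g. stable_secret) is ever opened. A missing file is treated as
# "disabled" (assumption: no IPv6 stack is loaded).
read_flag() {    # $1 = root prefix, $2 = all|default
    f="$1/proc/sys/net/ipv6/conf/$2/disable_ipv6"
    if [ -r "$f" ]; then cat "$f"; else echo 1; fi
}

# Print the value csf.conf's IPV6 option should carry (0 = off, 1 = on).
csf_ipv6_value() {    # $1 = root prefix, $2 = DISABLE_IPVSIX (y|n)
    if [ "$2" = "y" ]; then echo 0; return; fi
    if [ "$(read_flag "$1" all)" = "1" ] && [ "$(read_flag "$1" default)" = "1" ]; then
        echo 0; return    # sysctl says disabled, whatever NETWORKING_IPV6 claims
    fi
    if grep -q '^NETWORKING_IPV6=yes' "$1/etc/sysconfig/network" 2>/dev/null; then
        echo 1
    else
        echo 0
    fi
}

# Rewrite only the IPV6 option, accepting single or double quotes on input
# and writing double quotes. IPV6_SPI and similar keys are left alone.
set_csf_ipv6() {    # $1 = csf.conf path, $2 = 0|1
    sed "s/^IPV6 = [\"'][01][\"']/IPV6 = \"$2\"/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed fixture: NETWORKING_IPV6=yes is still present, as in the first post.
make_fixture() {    # $1 = dir, $2 = all flag, $3 = default flag
    mkdir -p "$1/etc/sysconfig" "$1/etc/csf" \
             "$1/proc/sys/net/ipv6/conf/all" "$1/proc/sys/net/ipv6/conf/default"
    echo 'NETWORKING_IPV6=yes' > "$1/etc/sysconfig/network"
    echo "$2" > "$1/proc/sys/net/ipv6/conf/all/disable_ipv6"
    echo "$3" > "$1/proc/sys/net/ipv6/conf/default/disable_ipv6"
    printf "%s\n" "IPV6 = '1'" 'IPV6_SPI = "1"' > "$1/etc/csf/csf.conf"
}

demo() {    # prints the resulting IPV6 line for a host with IPv6 disabled via sysctl
    tmp_root=$(mktemp -d)
    make_fixture "$tmp_root" 1 1
    set_csf_ipv6 "$tmp_root/etc/csf/csf.conf" "$(csf_ipv6_value "$tmp_root" n)"
    grep '^IPV6 = ' "$tmp_root/etc/csf/csf.conf"
    rm -rf "$tmp_root"
}
demo
```

On a live host the root prefix would be an empty string, so the functions read `/proc/sys/...` and `/etc/sysconfig/network` directly.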