Disable IPv6 on one interface?

[dieselnutjob]

Hi,

I got IPv6 networking working this morning. I am using sixxs as a tunnel broker. My FreeBSD firewall has a public interface which is on a shared media access (cable internet). I don't want other people to see the IPv6 stack on my public interface, but I can't seem to switch it off.

In /etc/rc.conf I have tried

ipv6_network_interfaces="gif0 lo0"

and I have tried

ifconfig_vr0="DHCP"
ipv6_ifconfig_vr0="NOAUTO"

but my vr0 public interface still has IPv6 address

inet6 fe80::200:24ff:fecc:91c0%vr0 prefixlen 64 scopeid 0x1

How do I disable it whilst still allowing IPv6 on the gif0 interface and others?

 

[SirDice]

The fe80:: address is a non-routable link-local address. Which means nobody on the internet can connect to it.

 

[dieselnutjob]

Am I right in thinking that anyone on the same local network as me could send packets to that interface though? This would include hundreds of other users, some of whom might have been compromised, part or a botnet etc. My Internet connection is a shared access medium, not a point to point link like most ADSL lines.

 

[SirDice]

Am I right in thinking that anyone on the same local network as me could send packets to that interface though?

That's correct.

This would include hundreds of other users, some of whom might have been compromised, part or a botnet etc.
My Internet connection is a shared access medium, not a point to point link like most ADSL lines.

That's why firewalls were invented :e