_______ ____ ____ __  __ ____  __   ______ ______
/_   __// __// __// /_/ // _ / / /  / __  // ____/
  / /  / __// /_ / __  // _ < / /_ / /_/ // /_  /
 /_/  /___//___//_/ /_//____//___//_____//_____/
  techblog.koponen.se

 [ / ] [ howto ] [ reviews ] [ webapps ] [ youtube ] [ links ] [ about ]
-------------------------------------------------------------------------

  techblog.koponen.se
 
 [ / ] 
 [ howto   ] [ reviews ] [ webapps ] 
 [ youtube ] [ about   ] [ links   ] 
-------------------------------------

HOWTO
IPV6
DISABLE THE IPV4 STACK IN FREEBSD

Tested on:
FreeBSD-12.0 (amd64)

This article was published 20190110 here: Die IPv4, die!

-

Sometimes you just want to build an IPv6 server and completely remove it of all knowledge of IPv4.

This is how:

• Install FreeBSD-12.0 amd64 (may work on more versions)
• During install - make sure you include the system src package (aka "src")
• During install - When the installer asks "Would you like to configure IPv4 for this interface?" - choose "No"
• During install - When the installer asks "Would you like to configure IPv6 for this interface?" - choose "Yes"
• After the system is installed, you can login to the machine and type: "ifconfig", the output looks something like this:

$ ifconfig
vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=60039b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,TS
O6,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0c:29:56:b4:50
        inet6 2001:470:de86::abcd prefixlen 64
        inet6 fe80::20c:29ff:fe56:b450%vmx0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
$

You can try to ping and stuff:

$ ping -c 2 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.019 ms
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.019/0.032/0.044/0.012 ms
$ ping -c 2 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
$

This means that the machine lacks IPv4 connectivity, but...
it still has the IPv4 stack loaded.
Let's fix that!

Login as root and type the commands shown below:

cd /usr/src/sys/amd64/conf

make a new file called: GENERIC-IPV6ONLY

vi GENERIC-IPV6ONLY

type this in the file:

include GENERIC
ident GENERIC-IPV6ONLY
makeoptions MKMODULESENV+="WITHOUT_INET_SUPPORT="
nooptions INET
nodevice gre

save file and type the following (as root):

cd /usr/src
make buildkernel KERNCONF=GENERIC-IPV6ONLY

(now this takes a long time, 1h or more)

When the build is done, type (as root):

make installkernel KERNCONF=GENERIC-IPV6ONLY
reboot

When the machine comes up again you can login as user and verify that it works:

$ ifconfig
vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=60039b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,TS
O6,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0c:29:56:b4:50
        inet6 2001:470:de86::abcd prefixlen 64
        inet6 fe80::20c:29ff:fe56:b450%vmx0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
$ ping -c 2 127.0.0.1
ping: ssend socket: Address family not supported by protocol family
$ ping -c 2 8.8.8.8
ping: ssend socket: Address family not supported by protocol family
$ ping -c 2 www.google.com
ping: ssend socket: Address family not supported by protocol family
$ ping6 -c 2 www.google.com
PING6(56=40+8+8 bytes) 2001:470:de86::abcd --> 2a00:1450:400f:806::2004
16 bytes from 2a00:1450:400f:806::2004, icmp_seq=0 hlim=57 time=2.640 ms
16 bytes from 2a00:1450:400f:806::2004, icmp_seq=1 hlim=57 time=2.876 ms
--- www.google.com ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.640/2.758/2.876/0.118 ms
$ ping6 -c 2 2001:470:de86::abcd
PING6(56=40+8+8 bytes) 2001:470:de86::abcd --> 2001:470:de86::abcd
16 bytes from 2001:470:de86::abcd, icmp_seq=0 hlim=64 time=0.060 ms
16 bytes from 2001:470:de86::abcd, icmp_seq=1 hlim=64 time=0.040 ms
--- 2001:470:de86::abcd ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.040/0.050/0.060/0.010 ms
$ ping6 -c 2 ::1
PING6(56=40+8+8 bytes) ::1 --> ::1
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.061 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.071 ms
--- ::1 ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.061/0.066/0.071/0.005 ms
$ ping6 -c 2 2001:4860:4860::8888
PING6(56=40+8+8 bytes) 2001:470:de86::abcd --> 2001:4860:4860::8888
16 bytes from 2001:4860:4860::8888, icmp_seq=0 hlim=60 time=2.642 ms
16 bytes from 2001:4860:4860::8888, icmp_seq=1 hlim=60 time=2.816 ms
--- 2001:4860:4860::8888 ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.642/2.729/2.816/0.087 ms
$