I'm in the process of rebuilding my IBF (invisible bridging firewall) as Ubuntu 10.04.2 LTS. In the past I have dealt with ipv6 by way of disabling it entirely. This time around I want to leave it enabled and filter it with ip6tables, etc.
All my config seems fine, except I cannot seem to discover a working method for getting the 'fe80' addresses off of my bridge-interface-cards. It might be understandable for br0 to get such an address, but under no circumstances would I want anything speaking on any layer higher than '2' directly to eth0 or eth1.
Things I have tried thus far include:
1) Specifying 'inet6 manual' entries in 'interfaces'
2) Specifying 'inet6 static' and 'address ::'
3) sysctl.conf '0' for various inet6 settings found via Google
4) 'post-up echo 0 >' as above
Nothing seems to work. If I run a 'ip -6 addr del' command, I can get it to go away, but that (as you likely know) doesn't last and it doesn't survive a reboot.
What I want is the equivalent to ipv4's '0.0.0.0' addressing - a non-functional, yet not unconfigured address.
Ideas?