[squid-users] Squid keeps using ipv6 using ssl_bump

Amos Jeffries squid3 at treenet.co.nz
Mon Apr 23 10:42:33 UTC 2018


On 23/04/18 20:27, Enrico Michieletti wrote:
> Hi!
> 
> I’m using squid from long time, as my network isn’t ipv6 enabled, I’ve
> disabled it in squid using
> 
> dns_v4_first on
> 

That directives means it tries IPv4 *first*, not "only".

If *all* attempts fail the last one tried will naturally be an IPv6
whenever the server has support for both v4 (tried first) and v6 (tried
last).


> tcp_outgoing_address 0.0.0.0 all
> 

This does nothing by itself but waste CPU. Outgoing address is separated
by protocol, so the above only says "use default address for all
IPv4-only traffic".

> 
> and on the interface network script on centos
> 
> IPV6INIT=no
> 

This does not prevent servers and clients outside your machine
supporting or trying to use IPv6. All it will do is break traffic going
through your proxy machine.

What you should really do is enable IPv6 and use firewall rules to block
the traffic you do not want to go through. Whether that is "all IPv6" or
something better suited to your clients needs.

Amos


More information about the squid-users mailing list