i am having trouble with ipv6 in a specific program. (sf6 steam version)
completely disabling it has resolved my issues.
but this solution just doesn’t sit well with me.
is there a way to only block that one problematic program from using ipv6?
You could just setup a separate namepace with IPv6 disabled and move the process into it. I’d be more detailed, but this comment is one eyed and very sleepy, let us know how you go.
Seconding this. Take a look at the unshare program and user namespaces.
You can install ufw and a frontend for it that lets you block specific processes. https://wiki.archlinux.org/title/Uncomplicated_Firewall#GUI_frontends It seems KDE already comes with a frontend in the system settings, and there’s gufw for gnome/gtk.
Off the top of my head, the only way I can think of is to install steam using docker, and install SF6 on dockerized steam.
Then you’ve converted the problem to either configuring docker to use ipv4 internally or setting up the container to ignore ipv6, both of which are doable.
There’s a good chance it’ll be perfectly playable but without trying it out or doing more research than I’ve invested here, it’s not a guarantee.
Docker doesn’t use ipv6 by default.
Nobody out there seems to know how to do IPv6 properly. Lots of issues just went away when I disabled it on my “end user” subnets.
Harsh but true.
I feel selinux should be able to do something clever here, like it can manage/block port access.