4 files changed, 44 insertions, 13 deletions

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index b041f15f3321..10213fe25199 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -446,6 +446,10 @@ icmp_bmcastecho="NO"	# respond to broadcast ping packets
 ### IPv6 options: ###
 ipv6_network_interfaces="auto"	# List of IPv6 network interfaces
 				# (or "auto" or "none").
+ipv6_activate_all_interfaces="NO"	# If NO, interfaces which have no
+					# corresponding $ifconfig_IF_ipv6 is
+					# marked as IFDISABLED for security
+					# reason.
 ipv6_defaultrouter="NO"		# Set to IPv6 default gateway (or NO).
 #ipv6_defaultrouter="2002:c058:6301::"	# Use this for 6to4 (RFC 3068)
 ipv6_static_routes=""		# Set to static route list (or leave empty).
@@ -506,7 +510,8 @@ ipv6_ipfilter_rules="/etc/ipf6.rules"	# rules definition file for ipfilter,
 					# for examples
 ip6addrctl_enable="YES"	# Set to YES to enable default address selection
 ip6addrctl_verbose="NO"	# Set to YES to enable verbose configuration messages
-ipv6_prefer="NO"	# Use IPv6 when both IPv4 and IPv6 can be used
+ip6addrctl_policy="AUTO"	# A pre-defined address selection policy
+				# (ipv4_prefer, ipv6_prefer, or AUTO)
 
 ##############################################################
 ###  System console options  #################################
diff --git a/etc/network.subr b/etc/network.subr
index 8097463d7358..afd568cbfb56 100644
--- a/etc/network.subr
+++ b/etc/network.subr
@@ -100,7 +100,7 @@ ifconfig_up()
 				_ipv6_opts="-accept_rtadv"
 			fi
 		else
-			if checkyesno ipv6_prefer; then
+			if checkyesno ipv6_activate_all_interfaces; then
 				_ipv6_opts="-ifdisabled"
 			else
 				_ipv6_opts="ifdisabled"
diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl
index d3b185617959..d38018c4cdd7 100755
--- a/etc/rc.d/ip6addrctl
+++ b/etc/rc.d/ip6addrctl
@@ -19,8 +19,10 @@ extra_commands="status prefer_ipv6 prefer_ipv4"
 status_cmd="ip6addrctl"
 prefer_ipv6_cmd="ip6addrctl_prefer_ipv6"
 prefer_ipv4_cmd="ip6addrctl_prefer_ipv4"
+config_file="/etc/ip6addrctl.conf"
 
-set_rcvar_obsolete ipv6_enable ipv6_prefer
+set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
+set_rcvar_obsolete ipv6_prefer ip6addrctl_policy
 
 ip6addrctl_prefer_ipv6()
 {
@@ -53,17 +55,40 @@ ip6addrctl_start()
 	afexists inet6 || return 0
 
 	# install the policy of the address selection algorithm.
-	if [ -f /etc/ip6addrctl.conf ]; then
-		ip6addrctl flush >/dev/null 2>&1
-		ip6addrctl install /etc/ip6addrctl.conf
-		checkyesno ip6addrctl_verbose && ip6addrctl
-	else
-		if checkyesno ipv6_prefer; then
-			ip6addrctl_prefer_ipv6
+	case "${ip6addrctl_policy}" in
+	[Aa][Uu][Tt][Oo])
+		if [ -r "${config_file}" -a -s "${config_file}" ]; then
+			ip6addrctl flush >/dev/null 2>&1
+			ip6addrctl install "${config_file}"
+			checkyesno ip6addrctl_verbose && ip6addrctl
 		else
-			ip6addrctl_prefer_ipv4
+			if checkyesno ipv6_activate_all_interfaces; then
+				ip6addrctl_prefer_ipv6
+			else
+				ip6addrctl_prefer_ipv4
+			fi
 		fi
-	fi
+	;;
+	ipv4_prefer)
+		ip6addrctl_prefer_ipv4
+	;;
+	ipv6_prefer)
+		ip6addrctl_prefer_ipv6
+	;;
+	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+		# Backward compatibility when ipv6_prefer=YES
+		ip6addrctl_prefer_ipv6
+	;;
+	[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+		# Backward compatibility when ipv6_prefer=NO
+		ip6addrctl_prefer_ipv4
+	;;
+	*)
+		warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \
+		    " \"ipv4_prefer\" is used instead."
+		ip6addrctl_prefer_ipv4
+	;;
+	esac
 }
 
 ip6addrctl_stop()
diff --git a/etc/rc.d/netif b/etc/rc.d/netif
index f982cfce6474..01da302c5dfe 100755
--- a/etc/rc.d/netif
+++ b/etc/rc.d/netif
@@ -41,7 +41,8 @@ clonedown_cmd="clone_down"
 extra_commands="cloneup clonedown"
 cmdifn=
 
-set_rcvar_obsolete ipv6_enable ipv6_prefer
+set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
+set_rcvar_obsolete ipv6_prefer
 
 network_start()
 {