--- init.d/ipfw.in.orig 2008-05-28 16:39:52 +0300
+++ init.d/ipfw.in 2008-08-26 17:24:17 +0300
@@ -4,6 +4,9 @@
 # This is based on /etc/rc.firewall and /etc/rc.firewall6 from FreeBSD
+HAVEIP6=true
+sysctl net.ipv6 2>/dev/null || HAVEIP6=false
+
 ipfw_ip_in=${ipfw_ip_in-any}
 ipfw_ports_in=${ipfw_ports_in-auth ssh}
 ipfw_ports_nolog=${ipfw_ports_nolog-135-139,445 1026,1027 1433,1434}
@@ -36,13 +39,15 @@
 ipfw add deny all from any to 127.0.0.0/8
 ipfw add deny ip from 127.0.0.0/8 to any
- ipfw add pass ip6 from any to any via lo0
- ipfw add deny ip6 from any to ::1
- ipfw add deny ip6 from ::1 to any
+ if ${HAVEIP6}; then
+ ipfw add pass ip6 from any to any via lo0
+ ipfw add deny ip6 from any to ::1
+ ipfw add deny ip6 from ::1 to any
- ipfw add pass ip6 from :: to ff02::/16 proto ipv6-icmp
- ipfw add pass ip6 from fe80::/10 to fe80::/10 proto ipv6-icmp
- ipfw add pass ip6 from fe80::/10 to ff02::/16 proto ipv6-icmp
+ ipfw add pass ip6 from :: to ff02::/16 proto ipv6-icmp
+ ipfw add pass ip6 from fe80::/10 to fe80::/10 proto ipv6-icmp
+ ipfw add pass ip6 from fe80::/10 to ff02::/16 proto ipv6-icmp
+ fi
 }
 start() {
@@ -62,9 +67,11 @@
 ipfw add pass udp from me to any keep-state
 ipfw add pass icmp from me to any keep-state
- ipfw add pass tcp from me6 to any setup keep-state
- ipfw add pass udp from me6 to any keep-state
- ipfw add pass icmp from me6 to any keep-state
+ if ${HAVEIP6}; then
+ ipfw add pass tcp from me6 to any setup keep-state
+ ipfw add pass udp from me6 to any keep-state
+ ipfw add pass icmp from me6 to any keep-state
+ fi
 # Allow DHCP.
 ipfw add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out
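Review bot: The probe `sysctl net.ipv6 2>/dev/null || HAVEIP6=false` in the first hunk now gates every ip6 rule in the file (the `if ${HAVEIP6}` wrappers in the following three hunks), yet a probe that fails for any reason other than "no IPv6 in the kernel" is indistinguishable from the real case, so the IPv6 loopback anti-spoofing denies and the ICMPv6 passes would be dropped silently with no diagnostic. On FreeBSD, which the comment above names as the origin of this ruleset, the IPv6 sysctl branch is `net.inet6` rather than `net.ipv6`, so please confirm on an IPv6-enabled target that this probe actually succeeds; if it does, it also dumps the whole branch to stdout on every start, so both streams should be redirected: `sysctl net.ipv6 >/dev/null 2>&1 || HAVEIP6=false`. Consider making the outcome visible when the rules are skipped, e.g. `${HAVEIP6} || echo "ipfw: IPv6 not detected, ip6 rules skipped" >&2`, so an unintended loss of IPv6 filtering shows up in the boot log rather than only in the running ruleset.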
@@ -77,11 +84,13 @@
 # Allow "mandatory" ICMP in.
 ipfw add pass icmp from any to any icmptype 3,4,11
- # Allow ICMPv6 destination unreach
- ipfw add pass ip6 from any to any icmp6types 1 proto ipv6-icmp
-
- # Allow NS/NA/toobig (don't filter it out)
- ipfw add pass ip6 from any to any icmp6types 2,135,136 proto ipv6-icmp
+ if ${HAVEIP6}; then
+ # Allow ICMPv6 destination unreach
+ ipfw add pass ip6 from any to any icmp6types 1 proto ipv6-icmp
+
+ # Allow NS/NA/toobig (don't filter it out)
+ ipfw add pass ip6 from any to any icmp6types 2,135,136 proto ipv6-icmp
+ fi
 # Add permits for this workstations published services below
 # Only IPs and nets in firewall_allowservices is allowed in.