Table of Contents
Introduction
If we are not using IPv6 in our environment why can’t we go-head to disable it?. Extremely this is not a good idea to disable a feature and stop using it. However, let’s walk through it, this may help someone who is looking to disable IPv6
In this guide, we are about to see how to disable the IPv6 in Linux servers. In most of the production environment we have not yet started with implementing IPv6, Top companies like Akamai, Vmware, Comcast are started using long back. This may take another few years to come into prod for thousands of firms. Let’s continue to disable IPv6 in various Linux flavours.
Red Hat Linux 6 and Family
Method 1: Disable using module and service
Create a file ipv6.conf under modprobe.d and disable the service persistently and reboot the server to take effect.
# echo "options ipv6 disable=1" > /etc/modprobe.d/ipv6.conf # chkconfig ip6tables off # reboot
Once module disabled take a reboot.
Method 2: Disable using "sysctl" and reboot
Edit the sysctl.conf and append with two lines. Changing from 1 to 0 will re-enable the IPv6.
# vi /etc/sysctl.conf net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1
If /etc/hosts have any IPv6 entry make sure to remove them. For some applications it's mandatory to have IPv6 entry in /etc/hosts.
Steps for Red Hat Linux 7 and Family
Method 1: Disable using "sysctl", we can disable the IPv6 by including interface name in sysctl.conf configuration.
Now we are enabled with IPv6 as per the "ifconfig
" output and /proc output.
[root@splunk ~]# ifconfig | grep -i 'inet6' inet6 fe80::a336:2382:1d66:2285 prefixlen 64 scopeid 0x20<link> inet6 ::1 prefixlen 128 scopeid 0x10<host> [root@splunk ~]# [root@splunk ~]# cat /proc/sys/net/ipv6/conf/all/disable_ipv6 0 [root@splunk ~]#
Let us disable and verify the same.
Edit the sysctl.conf and append with configurations.
# vi /etc/sysctl.d/99-sysctl.conf net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6 = 1 net.ipv6.conf.ens33.disable_ipv6 = 1
Now let us verify the same.
[root@splunk ~]# cat /proc/sys/net/ipv6/conf/all/disable_ipv6 1 [root@splunk ~]# [root@splunk ~]# ifconfig | grep -i 'inet6' [root@splunk ~]#
In our test environment, we have the localhost (lo) interface and 1 management interface (ens33).
Once done with sysctl configuration rebuild the Init RAM image and reboot the server.
# dracut -f
Using "sysctl" we have disabled successfully.
Method 2: Disable using the kernel parameter.
Edit the grub and append with "ipv6.disable=1". Removing or making 1 to 0 will re-enable the IPv6 for all available interfaces.
# vi /etc/default/grub GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap ipv6.disable=1 rhgb quiet"
Rebuild the grub using "grub2-mkconfig" and reboot the server.
# grub2-mkconfig -o /boot/grub2/grub.cfg # reboot
After making changes to grub take a reboot to make it effect.
Disable IPv6 in Ubuntu Linux
To disable IPv6 in Ubuntu is not too far different from RHEL base OS. In below "ifconfig
" output we are able to see IPv6 address lets disable and check the result.
sysadmin@ubuntu:~$ ifconfig | grep -i 'inet6' inet6 addr: fe80::20c:29ff:fe53:dd19/64 Scope:Link inet6 addr: ::1/128 Scope:Host sysadmin@ubuntu:~$
Edit the sysctl configuration file and append with three lines at the end of the file.
$ sudo vi /etc/sysctl.d/99-sysctl.conf net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1
Run with "sysctl -p
" command to make the changes effect.
Verify the changes, If we get value 1 then IPv6 has been disabled.
$ cat /proc/sys/net/ipv6/conf/all/disable_ipv6
Now, whenever we run "ifconfig
" we don't get IPv6 information.
If you need to disable IPv6 in Arch Linux exactly the Ubuntu steps can be followed. That's it we have seen how to disable IPv6 in various Linux flavours.
Conclusion
To disable IPv6 in Linux we need to follow only few steps, however this is not a good practise to disable the feature instead of using it. Provide your feedback in below comment section and subscribe to our news letter.
Great document. I would like to add a word of caution. Although disabling ipv6 through modprobe or grub is more thorough, doing so will cause problems with services that require the ipv6 module to exist and subsequently cause excessive logging. I prefer to disable ipv6 through sysctl (net.ipv6.conf*) and on a per service basis. That way networking/interfaces are not listening for ipv6, but the services still think it is active and don’t throw errors.
For example, I disable ipv6 through sysctl using net.ipv6.conf* as you describe above and also disable ipv6 individually for sshd, networking, rsyslog, ntp, and postfix. There are many other services that you could disable ipv6 as well, but as long as the networking is not listening for ipv6 there should be no outside communication over ipv6.
For those of you with a Red Hat account check this out: https://access.redhat.com/solutions/8709
Great document. I would like to add a word of caution. Although disabling ipv6 through modprobe or grub is more thorough, doing so will cause problems with services that require the ipv6 module to exist and subsequently cause excessive logging. I prefer to disable ipv6 through sysctl (net.ipv6.conf*) and on a per service basis. That way networking/interfaces are not listening for ipv6, but the services still think it is active and don’t throw errors.
For example, I disable ipv6 through sysctl using net.ipv6.conf* as you describe above and also disable ipv6 individually for sshd, networking, rsyslog, ntp, and postfix. There are many other services that you could disable ipv6 as well, but as long as the networking is not listening for ipv6 there should be no outside communication over ipv6.
For those of you with a Red Hat account check this out: https://access.redhat.com/solutions/8709
Just out of curiosity, why do you want to disable IPv6? If you look at stats such as http://www.worldipv6launch.org/measurements/ or Google’s IPv6 measurements, the deployment is moving along quite strongly. Just curious to understand more.
Just out of curiosity, why do you want to disable IPv6? If you look at stats such as http://www.worldipv6launch.org/measurements/ or Google’s IPv6 measurements, the deployment is moving along quite strongly. Just curious to understand more.