If we are not using IPv6 in our environment why can’t we go-head to disable it?

In this guide, we are about to see how to disable the IPv6 in Linux servers. In most of the production environment we have not yet started with implementing IPv6, Top companies like Akamai, Vmware, Comcast are started using long back. This may take another few years to come into prod for thousands of firms. Let’s continue to disable IPv6 in various Linux flavours.




First of all, let us see how to disable IPv6 in RedHat based Operating system 6 and 7. Following steps can be carried out on RedHat Enterprise Linux, Centos Linux, Oracle Linux and Scientific Linux.

Red Hat Linux 6 and Family:

Method 1: Disable using module and service.

Create a file ipv6.conf under modprobe.d and disable the service persistently and reboot the server to take effect.

# echo "options ipv6 disable=1" > /etc/modprobe.d/ipv6.conf
# chkconfig ip6tables off
# reboot


Method 2: Disable using “sysctl” and reboot.

Edit the sysctl.conf and append with two lines. Changing from 1 to 0 will re-enable the IPv6.

# vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

If /etc/hosts have any IPv6 entry make sure to remove them.

Steps for Red Hat Linux 7 and Family:

Method 1: Disable using “sysctl”, we can disable the IPv6 by including interface name in sysctl.conf configuration.

Now we are enabled with IPv6 as per the “ifconfig” output and /proc output.

[root@splunk ~]# ifconfig | grep -i 'inet6'
inet6 fe80::a336:2382:1d66:2285 prefixlen 64 scopeid 0x20<link>
inet6 ::1 prefixlen 128 scopeid 0x10<host>
[root@splunk ~]#

[root@splunk ~]# cat /proc/sys/net/ipv6/conf/all/disable_ipv6 
0
[root@splunk ~]#

Let us disable and verify the same.

Edit the sysctl.conf and append with configurations.

# vi /etc/sysctl.d/99-sysctl.conf

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.ens33.disable_ipv6 = 1

Now let us verify the same.

[root@splunk ~]# cat /proc/sys/net/ipv6/conf/all/disable_ipv6 
1
[root@splunk ~]# 
[root@splunk ~]# ifconfig | grep -i 'inet6'
[root@splunk ~]#

In our test environment, we have the localhost (lo) interface and 1 management interface (ens33).

Once done with sysctl configuration rebuild the Init RAM image and reboot the server.

# dracut -f

Using “sysctl” we have disabled successfully.

Method 2: Using the kernel parameter.

Edit the grub and append with “ipv6.disable=1”. Removing or making 1 to 0 will re-enable the IPv6 for all available interfaces.

# vi /etc/default/grub

GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap ipv6.disable=1 rhgb quiet"

Rebuild the grub using “grub2-mkconfig” and reboot the server.

# grub2-mkconfig -o /boot/grub2/grub.cfg

# reboot


Disabling IPv6 in Ubuntu Linux:




To disable IPv6 in Ubuntu is not too far different from RHEL base OS. In below “ifconfig” output we are able to see IPv6 address lets disable and check the result.

sysadmin@ubuntu:~$ ifconfig | grep -i 'inet6'
inet6 addr: fe80::20c:29ff:fe53:dd19/64 Scope:Link
inet6 addr: ::1/128 Scope:Host
sysadmin@ubuntu:~$

Edit the sysctl configuration file and append with three lines at the end of the file.

$ sudo vi /etc/sysctl.d/99-sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Run with “sysctl -p” command to make the changes effect.





Verify the changes, If we get value 1 then IPv6 has been disabled.

$ cat /proc/sys/net/ipv6/conf/all/disable_ipv6

Now, whenever we run “ifconfig” we don’t get IPv6 information.

If you need to disable IPv6 in Arch Linux exactly the Ubuntu steps can be followed. That’s it we have seen how to disable IPv6 in various Linux flavours. Provide your feedback in below comment section.

4 COMMENTS

  1. Great document. I would like to add a word of caution. Although disabling ipv6 through modprobe or grub is more thorough, doing so will cause problems with services that require the ipv6 module to exist and subsequently cause excessive logging. I prefer to disable ipv6 through sysctl (net.ipv6.conf*) and on a per service basis. That way networking/interfaces are not listening for ipv6, but the services still think it is active and don’t throw errors.
    For example, I disable ipv6 through sysctl using net.ipv6.conf* as you describe above and also disable ipv6 individually for sshd, networking, rsyslog, ntp, and postfix. There are many other services that you could disable ipv6 as well, but as long as the networking is not listening for ipv6 there should be no outside communication over ipv6.
    For those of you with a Red Hat account check this out: https://access.redhat.com/solutions/8709

  2. Great document. I would like to add a word of caution. Although disabling ipv6 through modprobe or grub is more thorough, doing so will cause problems with services that require the ipv6 module to exist and subsequently cause excessive logging. I prefer to disable ipv6 through sysctl (net.ipv6.conf*) and on a per service basis. That way networking/interfaces are not listening for ipv6, but the services still think it is active and don’t throw errors.
    For example, I disable ipv6 through sysctl using net.ipv6.conf* as you describe above and also disable ipv6 individually for sshd, networking, rsyslog, ntp, and postfix. There are many other services that you could disable ipv6 as well, but as long as the networking is not listening for ipv6 there should be no outside communication over ipv6.
    For those of you with a Red Hat account check this out: https://access.redhat.com/solutions/8709

LEAVE A REPLY

Please enter your comment!
Please enter your name here