How to Completely disable IPv6 in Linux

Introduction

If we are not using IPv6 in our environment why can’t we go-head to disable it?. Extremely this is not a good idea to disable a feature and stop using it. However, let’s walk through it, this may help someone who is looking to disable IPv6

In this guide, we are about to see how to disable the IPv6 in Linux servers. In most of the production environment we have not yet started with implementing IPv6, Top companies like Akamai, Vmware, Comcast are started using long back. This may take another few years to come into prod for thousands of firms. Let’s continue to disable IPv6 in various Linux flavours.

Red Hat Linux 6 and Family

Method 1: Disable using module and service

Create a file ipv6.conf under modprobe.d and disable the service persistently and reboot the server to take effect.

# echo "options ipv6 disable=1" > /etc/modprobe.d/ipv6.conf
# chkconfig ip6tables off
# reboot

Once module disabled take a reboot.

Method 2: Disable using "sysctl" and reboot

Edit the sysctl.conf and append with two lines. Changing from 1 to 0 will re-enable the IPv6.

# vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

If /etc/hosts have any IPv6 entry make sure to remove them. For some applications it's mandatory to have IPv6 entry in /etc/hosts.

Steps for Red Hat Linux 7 and Family

Method 1: Disable using "sysctl", we can disable the IPv6 by including interface name in sysctl.conf configuration.

Now we are enabled with IPv6 as per the "ifconfig" output and /proc output.

[root@splunk ~]# ifconfig | grep -i 'inet6'
inet6 fe80::a336:2382:1d66:2285 prefixlen 64 scopeid 0x20<link>
inet6 ::1 prefixlen 128 scopeid 0x10<host>
[root@splunk ~]#

[root@splunk ~]# cat /proc/sys/net/ipv6/conf/all/disable_ipv6 
0
[root@splunk ~]#

Let us disable and verify the same.

Edit the sysctl.conf and append with configurations.

# vi /etc/sysctl.d/99-sysctl.conf

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.ens33.disable_ipv6 = 1

Now let us verify the same.

[root@splunk ~]# cat /proc/sys/net/ipv6/conf/all/disable_ipv6 
1
[root@splunk ~]# 
[root@splunk ~]# ifconfig | grep -i 'inet6'
[root@splunk ~]#
Disable IPv6
Verify IPv6

In our test environment, we have the localhost (lo) interface and 1 management interface (ens33).

Once done with sysctl configuration rebuild the Init RAM image and reboot the server.

# dracut -f

Using "sysctl" we have disabled successfully.

Method 2: Disable using the kernel parameter.

Edit the grub and append with "ipv6.disable=1". Removing or making 1 to 0 will re-enable the IPv6 for all available interfaces.

# vi /etc/default/grub

GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap ipv6.disable=1 rhgb quiet"

Rebuild the grub using "grub2-mkconfig" and reboot the server.

# grub2-mkconfig -o /boot/grub2/grub.cfg

# reboot

After making changes to grub take a reboot to make it effect.

Disable IPv6 in Ubuntu Linux

To disable IPv6 in Ubuntu is not too far different from RHEL base OS. In below "ifconfig" output we are able to see IPv6 address lets disable and check the result.

sysadmin@ubuntu:~$ ifconfig | grep -i 'inet6'
inet6 addr: fe80::20c:29ff:fe53:dd19/64 Scope:Link
inet6 addr: ::1/128 Scope:Host
sysadmin@ubuntu:~$
Printing IPv6
Before disabling IPv6

Edit the sysctl configuration file and append with three lines at the end of the file.

$ sudo vi /etc/sysctl.d/99-sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Run with "sysctl -p" command to make the changes effect.

Disable IPv6 in Ubuntu
IPv6 disabled

Verify the changes, If we get value 1 then IPv6 has been disabled.

$ cat /proc/sys/net/ipv6/conf/all/disable_ipv6
After IPv6 disabled
After disabling IPv6

Now, whenever we run "ifconfig" we don't get IPv6 information.

If you need to disable IPv6 in Arch Linux exactly the Ubuntu steps can be followed. That's it we have seen how to disable IPv6 in various Linux flavours.

Conclusion

To disable IPv6 in Linux we need to follow only few steps, however this is not a good practise to disable the feature instead of using it. Provide your feedback in below comment section and subscribe to our news letter.

4 thoughts on “How to Completely disable IPv6 in Linux

  1. Great document. I would like to add a word of caution. Although disabling ipv6 through modprobe or grub is more thorough, doing so will cause problems with services that require the ipv6 module to exist and subsequently cause excessive logging. I prefer to disable ipv6 through sysctl (net.ipv6.conf*) and on a per service basis. That way networking/interfaces are not listening for ipv6, but the services still think it is active and don’t throw errors.
    For example, I disable ipv6 through sysctl using net.ipv6.conf* as you describe above and also disable ipv6 individually for sshd, networking, rsyslog, ntp, and postfix. There are many other services that you could disable ipv6 as well, but as long as the networking is not listening for ipv6 there should be no outside communication over ipv6.
    For those of you with a Red Hat account check this out: https://access.redhat.com/solutions/8709

  2. Great document. I would like to add a word of caution. Although disabling ipv6 through modprobe or grub is more thorough, doing so will cause problems with services that require the ipv6 module to exist and subsequently cause excessive logging. I prefer to disable ipv6 through sysctl (net.ipv6.conf*) and on a per service basis. That way networking/interfaces are not listening for ipv6, but the services still think it is active and don’t throw errors.
    For example, I disable ipv6 through sysctl using net.ipv6.conf* as you describe above and also disable ipv6 individually for sshd, networking, rsyslog, ntp, and postfix. There are many other services that you could disable ipv6 as well, but as long as the networking is not listening for ipv6 there should be no outside communication over ipv6.
    For those of you with a Red Hat account check this out: https://access.redhat.com/solutions/8709

Comments are closed.