IPv6(128-bit address) is a protocol that will replace the IPv4(32-bit address) network protocol and provide a much larger network address space usage. It is present in almost all linux distributions today and is in enable mode. You may need to disable it for some reason. There are multiple ways to disable ipv6 in Rocky Linux. Now let's examine it in order.
Different methods to disable IPv6
First, let's check that ipv6 is enabled:
[foc@rocky9 ~]$ ip a
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:01:bc:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.122.238/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
valid_lft 2273sec preferred_lft 2273sec
inet6 fe80::5054:ff:fe01:bc2a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
The information expressed with inet6
in the output we get with the ip command belongs to ipv6. Let's look with sysctl command:
[foc@rocky9 ~]$ sysctl -a | grep -i ipv6 net.ipv6.auto_flowlabels = 1 net.ipv6.bindv6only = 0 net.ipv6.calipso_cache_bucket_size = 10 net.ipv6.calipso_cache_enable = 1 net.ipv6.conf.all.accept_dad = 0 ...
Many values of ipv6 are displayed in the output. This indicates that ipv6 is enabled on the system.
Method-1: Disable IPv6 with GUI
If you are using a server with a GUI, you can learn how to disable ipv6 in this step. Go to ipv6 settings in Settings > Network > Wired > IPv6. Then you can disable ipv6 with Disable > Apply.
Activate the changes by turning the network on/off.
You have simply and successfully disabled ipv6 from the GUI.
Method-2: Disable IPv6 with nmtui
There are several alternatives to disable ipv6 from the terminal screen. One of them is nmtui. Invoke nmtui with sudo in terminal:
[foc@rocky9 ~]$ sudo nmtui
Click on Edit a connediton.
Select the interface you want to edit.
Go to IPv6 with the arrow keys on the keyboard. Then select Disabled and click OK.
Run the ip command from the terminal and you can see that ipv6 is not available.
[foc@rocky9 ~]$ ip a
...
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:01:bc:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.122.238/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
valid_lft 3593sec preferred_lft 3593sec
Method-3: Disable IPv6 in Grub Boot Loader
Since ipv6 is not disabled in the kernel version you are using, it can be enabled automatically when the system restarts. For this, it must be disabled from the grub settings.
Check the "GRUB_CMDLINE
" value in grub before making changes:
[foc@rocky9 ~]$ grep "GRUB_CMDLINE" /etc/default/grub
GRUB_CMDLINE_LINUX="resume=/dev/mapper/rl-swap rd.lvm.lv=rl/root rd.lvm.lv=rl/swap"
Write the value "ipv6.disable=1
" to the group with the sed command:
[foc@rocky9 ~]$ sudo sed -i '/GRUB_CMDLINE_LINUX/ s/"$/ ipv6.disable=1"/' /etc/default/grub
Check the GRUB_CMDLINE value again:
[foc@rocky9 ~]$ grep "GRUB_CMDLINE" /etc/default/grub
GRUB_CMDLINE_LINUX="resume=/dev/mapper/rl-swap rd.lvm.lv=rl/root rd.lvm.lv=rl/swap ipv6.disable=1"
Then apply the changes:
[foc@rocky9 ~]$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Adding boot menu entry for UEFI Firmware Settings ...
done
Reboot the system:
[foc@rocky9 ~]$ sudo reboot
Check ipv6 with sysctl command:
[foc@rocky9 ~]$ sudo sysctl -a | grep -i ipv6
It is expected that there will be no output as a result of the command. With this step, ipv6 is disabled.
Method-4: Disable IPv6 using grubby
In this step, grub editing will be done using grubby. This step can be simpler and faster.
Edit grub settings using grubby:
[foc@rocky9 ~]$ sudo grubby --args ipv6.disable=1 --update-kernel DEFAULT
When you pull the grub settings, you can see that the disabled value is entered for ipv6:
[foc@rocky9 ~]$ sudo grubby --info DEFAULT
index=0
kernel="/boot/vmlinuz-5.14.0-70.22.1.el9_0.x86_64"
args="ro resume=/dev/mapper/rl-swap rd.lvm.lv=rl/root rd.lvm.lv=rl/swap ipv6.disable=1"
...
After this process, reboot the system:
[foc@rocky9 ~]$ sudo reboot
When you pull the ipv6 settings on the system with sysctl, you can see that there are no settings for ipv6:
[foc@rocky9 ~]$ sudo sysctl -a | grep -i ipv6
The command should have a blank output, which means that all ipv6 modules have been removed from the kernel.
Method-5: Disable IPv6 Temporarily
The ipv6 disable steps made in this step are temporary. Sometimes it may be necessary to disable it for a short time. Run the following commands in order:
[foc@rocky9 ~]$ sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.all.disable_ipv6 = 1 [foc@rocky9 ~]$ sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6 = 1 [foc@rocky9 ~]$ sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6 = 1
When you query the network information again with "ip a", you can see that the ipv6 line is missing:
[foc@rocky9 ~]$ ip a
...
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:01:bc:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.122.238/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
valid_lft 3518sec preferred_lft 3518sec
Method-6: Disable IPv6 Permanently
Another method to disable ipv6 from terminal is to edit the sysctl.conf
file. Open the sysctl.conf file with an editor:
[foc@rocky9 ~]$ sudo vi /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6 = 1
View the settings entered with the -p parameter:
[foc@rocky9 ~]$ sudo sysctl -p
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
To check that ipv6 is disabled:
[foc@rocky9 ~]$ cat /proc/sys/net/ipv6/conf/all/disable_ipv6
You can see that ipv6 is not active when checked with the ip command:
[foc@rocky9 ~]$ ip a
...
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:01:bc:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.122.238/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
valid_lft 3355sec preferred_lft 3355sec
Summary
We have provided solutions to the problem of disabling ipv6 with different methods. Alternatives are always available in Linux. You can apply whichever is easier for you.
References
- Linux disable IPv6 properly (with or without reboot)
- 6 simple methods to check if ipv6 is enabled in Linux