In this tutorial I will share the steps required to disable IPv6 completely from your Linux server. There are couple of methods to achieve this requirement, I will share the ones which I am familiar with. Normally we disable IPv6 in the network but we somehow miss to update this on other dependent configuration files such as /etc/hosts
, sshd_config file etc. So it is important that you update all the dependent configuration files to not use IPv6 any more.
You may also read my previous article to configure IPv6 address in Linux.
Method-1: Linux Disable IPv6 using grubby (Requires reboot)
In this example we will use grubby command to update the kernel boot entries and disable IPv6. grubby command is very user friendly and can be used for automation via scripts. We will use below command to update the kernel arguments of the DEFAULT kernel with ipv6.disable=1
. This parameter will make sure that IPv6 is disabled on the next reboot.
# grubby --args ipv6.disable=1 --update-kernel DEFAULT
Verify the updated entries of kernel arguments on the default kernel
# grubby --info DEFAULT
Below is a snippet from my server terminal
Next reboot the server and post reboot check the output for below command
# sysctl -a | grep -i ipv6
You should get empty output which means that all the ipv6 modules are unloaded from the kernel
Next go to the last section of this tutorial to disable IPv6 across different configuration files
Method-2: Linux disable IPv6 using GRUB2 configuration (Requires Reboot)
In this section we will use GRUB2 configuration to disable IPv6 completely. You need to append ipv6.disable=1
at the end of line with GRUB_CMDLINE_LINUX
in /etc/default/grub
file. You can use below sed
for this purpose as I have used below or manually open the file using any editor and append:
# sed -i '/GRUB_CMDLINE_LINUX/ s/"$/ ipv6.disable=1"/' /etc/default/grub
Now verify if ipv6.disable=1
was properly added:
# grep ipv6 /etc/default/grub
GRUB_CMDLINE_LINUX="resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet biosdevname=0 net.ifnames=0 ipv6.disable=1"
Next rebuild your grub2 configuration file:
~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
# grub2-mkconfig -o /boot/grub2/grub.cfg Generating grub configuration file ... done
Next reboot your server and check the output for below command
# sysctl -a | grep -i ipv6
You should get empty output which means that all the ipv6 modules are unloaded from the kernel
Next go to the last section of this tutorial to disable IPv6 across different configuration files
Method-3: Linux disable IPv6 using sysctl (Without Reboot)
This is another method to disable IPv6 but in this case we don't unload the IPv6 modules as we did with above methods, instead we will just disable IPv6 so that it cannot be configured or used.
Xforwarding
unless sshd_config contains AddressFamily inet. So if you are planning to use this method and are also using XForwarding
then it is strongly recommended to add "AddressFamily inet
" in /etc/ssh/sshd_config
and restart the sshd serviceBefore I start, you can check that currently an inet6
address is assigned to my eth0
interface
To disable IPv6 runtime, append 1
to the below sysctl
configuration files
# echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6 # echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
Next you can verify, you will not see inet6
when you list the available interfaces and their IP addresses with ip a
command
As you see, there is no inet6
interface for eth0
anymore.
So IPv6 is disabled without any reboot. But these changes are not persistent across reboot so to make it permanent we need to add these to sysctl
configuration file. Create a new config file inside /etc/sysctl.d/
and add below lines
# cat /etc/sysctl.d/98-disable_ipv6.conf net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.<interface>.disable_ipv6 = 1
in this file. Replace <interface>
with all the interface from your Linux server, for example: eth0, eth1 etcNext execute sysctl -p
to update the configuration (anyhow since we have manually added 1
to these entries earlier, you may skip this step)
# sysctl -p /etc/sysctl.d/98-disable_ipv6.conf net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1
Create a backup of the initramfs:
# cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).bak.$(date +%m-%d-%H%M%S).img
Then rebuild the Initial RAM Disk Image using, this command may give a long list of output on the screen:
# dracut -f -v
Verify the content of initramfs
to make sure the newly added sysctl
configuration file is part of the initramfs
# lsinitrd /boot/initramfs-$(uname -r).img | grep 'etc/sysctl.d/98-disable_ipv6.conf'
-rw-r--r-- 1 root root 75 Sep 6 2019 etc/sysctl.d/98-disable_ipv6.conf
Now even if your server is rebooted, the IPv6 changes will be persistent across reboot.
Lastly go to the next section of this tutorial to disable IPv6 across different configuration files
4. Post Action - Disable IPv6 across Linux configuration files
Now since you have disabled IPv6 in the network, you should also consider to disable the same across multiple Linux configuration files or you may get different errors reported on your Linux server.
4.1: In /etc/hosts
Comment out any IPv6 addresses found in /etc/hosts, including ::1
localhost address
# cp -p /etc/hosts /etc/hosts.disableipv6 # sed -i 's/^[[:space:]]*::/#::/' /etc/hosts
4.2: In /etc/ssh/sshd_config
As informed earlier if problems with X forwarding are encountered on systems with IPv6 disabled, edit /etc/ssh/sshd_config
and make either of the following changes:
Change the line
#AddressFamily any
to
AddressFamily inet
and restart sshd service
# systemctl restart sshd.service
4.3: In Postfix (/etc/postfix/main.cf)
If you are using postfix then you should also make these changes in the /etc/postfix/main.cf
and comment out the localhost part of the config and use ipv4 loopback.
#inet_interfaces = localhost
inet_interfaces = 127.0.0.1
Restart postfix service
# systemctl restart postfix
4.4: In /etc/ntp.conf
If you are using legacy ntp.conf
to sync your local time with NTP server then comment the line related to IPV6 in /etc/ntp.conf
# restrict ::1
Next restart ntpd service
# systemctl restart ntpd
4.5: In /etc/netconfig
To disable RPCBIND ipv6 (rpcbind, rpc.mountd, prc.statd) remark out the udp6
and tcp6
lines in /etc/netconfig:
udp tpi_clts v inet udp - -
tcp tpi_cots_ord v inet tcp - -
#udp6 tpi_clts v inet6 udp - -
#tcp6 tpi_cots_ord v inet6 tcp - -
rawip tpi_raw - inet - - -
local tpi_cots_ord - loopback - - -
You don't need to restart any service and the changes will take affect runtime.
4.6: In chrony
If you are using chrony instead of NTP to sync your local server with Network timezone, then to disable chronyd
service on a upd6
socket create /etc/sysconfig/chronyd
file using any text editor, with line below:
OPTIONS="-4"
Restart chronyd
service
# systemctl restart chronyd
You can verify the same using netstat
to lists chronyd
process listening on udp6
# netstat -plan | egrep 'tcp6|udp6'
Conclusion
In this tutorial we learned about how we can disable IPv6 properly across all the relevant configuration files and network. You can achieve this with or without reboot. Although in most environment I have observed issues when I disabled IPv6 using sysctl as the the module is still loaded on the server so some application may fail to work or throw error so I prefer to completely unload the ipv6 module from the Linux server to avoid any conflicts.
References
How do I disable or enable the IPv6 protocol in RHEL/CentOS Linux
How to disable IPv6 in Ubuntu 14.04
Disabling IPv6 on Mint and Debian
Also
should be
On RHEL/CentOS and similar distribution we use
grub2-mkconfig
On Ubuntu/Debian we have
grub-update
orgrub2-update
.Option 2
That doesn’t actually output to the file. Just displays the modification
Should be something similar to
Thanks for highlighting this, I missed
-i
argument to do infile changes. I have updated the command