Disable IPv6 on Interface in Debian Wheezy?
According to this answer, the following in /etc/sysctl.conf
should disable IPv6 on all interfaces :
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Edit: for only one interface, the following should do the trick (replace <interface>
with the interface's name) :
net.ipv6.conf.<interface>.disable_ipv6 = 1
Related videos on Youtube
jww
Updated on September 18, 2022Comments
-
jww over 1 year
I'm working on Debian Wheezy:
$ uname -a Linux openstack1 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
I set up two networks for VirtualBox:
# Public network vboxnet0 (10.1.0.0/16) VBoxManage hostonlyif create VBoxManage hostonlyif ipconfig vboxnet0 --ip 10.1.0.254 --netmask 255.255.0.0 # Private network vboxnet1 (10.2.0.0/16) VBoxManage hostonlyif create VBoxManage hostonlyif ipconfig vboxnet1 --ip 10.2.0.254 --netmask 255.255.0.0 ... # VirtualBox Network VBoxManage modifyvm openstack1 --nic1 nat \ --nic2 hostonly --hostonlyadapter2 vboxnet0 \ --nic3 hostonly --hostonlyadapter3 vboxnet1
In the virtual machine, I have the following in
/etc/network/interfaces
:# The loopback network interface auto lo iface lo inet loopback # Primary network interface auto eth0 iface eth0 inet dhcp # Public network (OpenStack) auto eth1 iface eth1 inet static address 10.1.0.10 netmask 255.255.0.0 network 10.1.0.0 broadcast 10.1.255.255 # Private network (OpenStack) auto eth2 iface eth2 inet static address 10.2.0.10 netmask 255.255.0.0 network 10.2.0.0 broadcast 10.2.255.255
When I examine the interface configuration, IPv6 is enabled:
$ sudo ifconfig [sudo] password for openstack: eth0 Link encap:Ethernet HWaddr 08:00:27:6f:c5:38 inet addr:172.16.1.23 Bcast:172.31.255.255 Mask:255.240.0.0 inet6 addr: fe80::a00:27ff:fe6f:c538/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:614 errors:0 dropped:0 overruns:0 frame:0 TX packets:120 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:61279 (59.8 KiB) TX bytes:13336 (13.0 KiB) eth1 Link encap:Ethernet HWaddr 08:00:27:79:99:40 inet addr:10.1.0.10 Bcast:10.1.255.255 Mask:255.255.0.0 inet6 addr: fe80::a00:27ff:fe79:9940/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:35 errors:0 dropped:0 overruns:0 frame:0 TX packets:55 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5288 (5.1 KiB) TX bytes:8485 (8.2 KiB) eth2 Link encap:Ethernet HWaddr 08:00:27:f1:7b:f5 inet addr:10.2.0.10 Bcast:10.2.255.255 Mask:255.255.0.0 inet6 addr: fe80::a00:27ff:fef1:7bf5/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:35 errors:0 dropped:0 overruns:0 frame:0 TX packets:55 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5288 (5.1 KiB) TX bytes:8690 (8.4 KiB)
man 5 interfaces
does not discuss how to disable IPv6 on an interface. The Debian IPv6 Project does not specify how to disable IPv6 for Wheezy (only kernel level for Squeeze).In the absence of documentation, I tried adding a
off
anddisable
toeth1
andeth2
, but it resulted in an error:iface eth1 inet6 off
(Apparently, the above stanza completely broke networking because I get nothing out of
ifconfig
andping
does not work. Additionally,eth0
andlo
are down even though they were not modified.).What do I add to
/etc/network/interfaces
to disable IPv6 on the interfaces I have configured?-
user over 10 yearsPossible duplicate of How to disable IPv6 on Debian Wheezy?
-
jww over 10 yearsThanks Michael. Its close, but not quite. I'm looking to disable it for the interface I configured, and not the kernel.
-
VL-80 over 10 yearsIf you will be happy with blocking IPv6 (not disabling), than you can use
ip6tables
to block input and output IPv6 completely, but interface still will be listening to IPv6. -
Michael Hampton over 10 yearsWhy are you trying to disable IPv6 on an interface? You almost certainly don't need to do this.
-
jww over 10 yearsThanks Michael. "Why are you trying to disable IPv6 on an interface" - my little lab only provides IPv4, so there's no need for IPv6. IP v6 uses additional resources and increases attack surface. Plus it creates a lot of noise during wireshark traces. I guess I could volley it back over the net: why would people run something they don't want or need?
-
-
mpb over 5 yearsYou may need to run
sudo sysctl -p
after making the above changes. (Or, alternatively, you could reboot.)