Disable IPv6 on Interface in Debian Wheezy?

networking debian ipv6

25,781

According to this answer, the following in /etc/sysctl.conf should disable IPv6 on all interfaces :

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Edit: for only one interface, the following should do the trick (replace <interface> with the interface's name) :

net.ipv6.conf.<interface>.disable_ipv6 = 1

25,781

jww

Updated on September 18, 2022

Comments

jww over 1 year

I'm working on Debian Wheezy:

$ uname -a
Linux openstack1 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux

I set up two networks for VirtualBox:

# Public network vboxnet0 (10.1.0.0/16)
VBoxManage hostonlyif create
VBoxManage hostonlyif ipconfig vboxnet0 --ip 10.1.0.254 --netmask 255.255.0.0

# Private network vboxnet1 (10.2.0.0/16)
VBoxManage hostonlyif create
VBoxManage hostonlyif ipconfig vboxnet1 --ip 10.2.0.254 --netmask 255.255.0.0
...

# VirtualBox Network
VBoxManage modifyvm openstack1 --nic1 nat \
  --nic2 hostonly --hostonlyadapter2 vboxnet0 \
  --nic3 hostonly --hostonlyadapter3 vboxnet1

In the virtual machine, I have the following in /etc/network/interfaces:

# The loopback network interface
auto lo
iface lo inet loopback

# Primary network interface
auto eth0
iface eth0 inet dhcp

# Public network (OpenStack)
auto eth1
iface eth1 inet static
    address 10.1.0.10
    netmask 255.255.0.0
    network 10.1.0.0
    broadcast 10.1.255.255

# Private network (OpenStack)
auto eth2
iface eth2 inet static
    address 10.2.0.10
    netmask 255.255.0.0
    network 10.2.0.0
    broadcast 10.2.255.255

When I examine the interface configuration, IPv6 is enabled:

$ sudo ifconfig
[sudo] password for openstack: 
eth0      Link encap:Ethernet  HWaddr 08:00:27:6f:c5:38  
          inet addr:172.16.1.23  Bcast:172.31.255.255  Mask:255.240.0.0
          inet6 addr: fe80::a00:27ff:fe6f:c538/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:614 errors:0 dropped:0 overruns:0 frame:0
          TX packets:120 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:61279 (59.8 KiB)  TX bytes:13336 (13.0 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:79:99:40  
          inet addr:10.1.0.10  Bcast:10.1.255.255  Mask:255.255.0.0
          inet6 addr: fe80::a00:27ff:fe79:9940/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5288 (5.1 KiB)  TX bytes:8485 (8.2 KiB)

eth2      Link encap:Ethernet  HWaddr 08:00:27:f1:7b:f5  
          inet addr:10.2.0.10  Bcast:10.2.255.255  Mask:255.255.0.0
          inet6 addr: fe80::a00:27ff:fef1:7bf5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5288 (5.1 KiB)  TX bytes:8690 (8.4 KiB)

man 5 interfaces does not discuss how to disable IPv6 on an interface. The Debian IPv6 Project does not specify how to disable IPv6 for Wheezy (only kernel level for Squeeze).

In the absence of documentation, I tried adding a off and disable to eth1 and eth2, but it resulted in an error:

iface eth1 inet6 off

(Apparently, the above stanza completely broke networking because I get nothing out of ifconfig and ping does not work. Additionally, eth0 and lo are down even though they were not modified.).

What do I add to /etc/network/interfaces to disable IPv6 on the interfaces I have configured?

user over 10 years

Possible duplicate of How to disable IPv6 on Debian Wheezy?
jww over 10 years

Thanks Michael. Its close, but not quite. I'm looking to disable it for the interface I configured, and not the kernel.
VL-80 over 10 years

If you will be happy with blocking IPv6 (not disabling), than you can use ip6tables to block input and output IPv6 completely, but interface still will be listening to IPv6.
Michael Hampton over 10 years

Why are you trying to disable IPv6 on an interface? You almost certainly don't need to do this.
jww over 10 years

Thanks Michael. "Why are you trying to disable IPv6 on an interface" - my little lab only provides IPv4, so there's no need for IPv6. IP v6 uses additional resources and increases attack surface. Plus it creates a lot of noise during wireshark traces. I guess I could volley it back over the net: why would people run something they don't want or need?