How to disable IPv6 in Debian when sysctl.conf and GRUB_CMDLINE_LINUX doesn't work?
Been a long time Debian sysadmin, administering hundred of Debian VMs, and I can assure you issuing sysctl+kernel settings to disable IPv6, is more than enough to kill it off for good.
Your problem here in your scenario, is that is not enough to edit /etc/default/grub, for the parameter(s) there to be applied to the kernel.
You also have to do:
sudo update-grub2
And then reboot, for the kernel parameter to disable IPv6 to take effect.
By the way, you can check it out which parameters were passed to your kernel, in run-time:
$ cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-4.10.5-antix.3-amd64-smp root=UUID=00c17984-859f-4197-8bd8-b346ddd092bd ro iommu=1 intel_iommu=on iommu=pt ipv6.disable=1 intremap=no_x2apic_optout radeon.modeset=0
Also, as @schweik correctly states, after you successfully manage to kill IPv6, you might want to revisit the configuration of a couple of daemons, that are compiled/have specific configuration configuration for IPv6. Watch for error messages and/or logs of errors related to IPv6, upon booting your system.
PS Also be aware that in Arm or MIPS architecture, you often do not have grub, and you have to edit a different file from /etc/default/grub. However I assume that if you are editing it, that you have grub.
Related videos on Youtube
03 : 22
02 : 36
07 : 33
08 : 41
03 : 16
AlphaCentauri
Updated on September 18, 2022Comments
-
AlphaCentauri over 1 year
First,
if I issue
sysctl net.ipv6.conf.all.disable_ipv6=1from the command line after the system has started, I get the result I want -- IPv6 is indeed disabled.Now for the problem of making this behavior persistent after a reboot.
It is easy to find suggestions for how to do this, usually they revolve around putting
net.ipv6.conf.all.disable_ipv6=1in a file in the/etc/sysctl.d/directory or in the config file for sysctl itself, namely/etc/sysctl.conf. Other approaches mentioned include addingGRUB_CMDLINE_LINUX="ipv6.disable=1"To
/etc/default/grubThis is mentioned e.g. here:
https://serverfault.com/questions/660979/how-to-disable-ipv6-support-in-linux-entirely
I've tried all of these, they don't work.
ifconfigclearly shows that IPv6 is enabled for the interface. Again, if I just do a manualsysctlafter booting, it disables it as expected.sysctl -pdoes nothing for me, only writing the command verbatim as above works.I've also tried putting the
sysctlcommand in/etc/rc.local, which I know runs correctly from observing other commands I can put there. However, despite executing, it doesn't seem to take effect.I've also tried other commands instead of just
all.disable_ipv6, such asdefault.disable_ipv6andenp0s3.disable_ipv6(I've verified that enp0s3 is indeed my Ethernet interface).This seems a bit similar to https://bugs.launchpad.net/ubuntu/+source/linux/+bug/997605 to me, but I have no idea why this happens. I'm confident that all I had to do on a different system was simply to put this in a file in /etc/sysctl.d/.
One way to disable this which I already know of, beyond what I've tried, would be to recompile the kernel manually without IPv6 support. However, this is simply too much of a kludge, it is not reliable, and it is too much work to do and maintain.
-
JdeBP over 5 yearsThe kernel command-line option requires both that one be actually using GRUB in the first place and that one perform the unstated extra steps to ensure that GRUB applies the setting.
-
Rui F Ribeiro over 5 yearsPlease add the output of
uname -ato your question. -
Amitav Pajni over 5 yearsWarning: You are disabling IPv6. Be sure you document this carefully for any other admins who may attempt to manage this system (including future yourself) as it is 100% guaranteed to come back to bite you at some point.
-
-
Rui F Ribeiro over 5 yearsIPv6 being "broken" in "internal" networks is relative. Many universities are deploying it in wifi networks due to the scarcity of IPv4 addresses, and even our major telecom operator here in Portugal is delivering IPv6 addresses to their Internet fiber customers. In corporate settings I often find a mix were a small part of the network is IPv6 (e.g. maybe 2%-5% of the servers need to be IPv6 enabledl).
-
schweik over 5 yearsI would not start a flame over the IPv6. In my strictly isolated office network, a private network range of
192.168.X.Xis fully suffitient and hence I simply described the way to tace the IPv6 as it was asked. -
Rui F Ribeiro over 5 yearsIn Debian I dont remember having to recompile an app because of disabling IPv6, btw, either in server or desktop settings.
-
schweik over 5 years@RuiFRibeiro I appologise that I wold not be provocative to start a flame, I recognise, that there are reason to switch to IPv6. Sorry, I didnot try to accuse someone else :-)
-
schweik over 5 yearsplease, what kind of VM engine do you use? I noticed by using KVM-Qemu many errors while disable the IPv6 in the Debian 9 running as guest VM. May I start a regular question on that?
-
Rui F Ribeiro over 5 yearsMy corporate desktop is Antix (Debian without systemd) and with IPv6 disabled btw ;) at home Armbian and OpenWRT with IPv6 disabled. I also used to administer a cluster of 200+ Debian VMs in which only half a dozen had IPv6 enabled (corporate Apache, Internet facing DNS and NTP servers). In the two ISPes that I setup up, all the Debians had IPv6 disabled. But the truth is that as time goes on, IPv6 will be more used.
-
Rui F Ribeiro over 5 years@schweik Corporate use mostly VMWare (ESX) Enterprise, some ESXi, Parallels and VMWare Fusion in my Mac, a few Hyper V, kvm and AWS here and there, Xen in the past, a few tests with bhyve, even VirtualBox. I do find HyperV and VirtualBox buggy.
-
Vlastimil Burián over 5 years-1 | For suggesting to recompile the kernel, which is 100% unnecessary.
