How to disable ipv6 support in Linux entirely?

linux debian ipv6 linux-kernel ipv4

15,266

Either the sysctl lines in /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

and/or the GRUB line in /etc/default/grub

GRUB_CMDLINE_LINUX="ipv6.disable=1"

will disable ipv6 support at the system level and should be enough. If your applications still attempt to connect via ipv6, then that's the application's fault and needs to be addressed with the vendor.

The /etc/hosts file entry isn't relevant.

15,266

Admin

Updated on September 18, 2022

Comments

Admin over 1 year
We are currently setting up a some local network servers to run in a full ipv4 network. I can be sure, that this network don't have ipv6 support, and never will.

Next to that,
- partially because of a command from higher organisational levels,
- partially because we must guarantee, it never will cause any interference,
we need to somehow completely disable the ipv6 support on the kernels of there linux servers.

Yes, I can google for some sysctl settings, but it wasn't enough. For example, in the default settings of the /etc/hosts, I've also found some ipv6 records. I won't let it to cause some trouble in the future.

What exactly need to be done, to remove the whole ipv6 support from a fresh installed debian entirely? The best were a checklist/todo list, but any other form were also okay.

I checked the config files in /etc a lot, but I can't be sure I've found everything.

Any better ideas? Is there any "checklist", what need to be set up?
- Admin over 9 years
  
  Good question, bad management. It's 2015; disabling IPv6 without compelling reasons is irresponsible and stupid. And I've never heard a compelling reason. If you just don't want to be surprised when global IPv6 addresses suddenly start coming in, then you also need to firewall the network off.
- Admin over 9 years
  
  What I would tell people making such misguided requests is this: I cannot guarantee, that a dual stack deployment won't cause any problems. I can however guarantee, that completely disabling IPv6 will cause some problems.
- Admin over 9 years
  
  the only reason an dual stack deployment would cause issues that I can think of is a 6to4 issue caused by using public IPs privately
Sander Steffann over 9 years

Don't count on applications to work without IPv6 though if the OS/distro you're using is shipped with IPv6 enabled. Nobody will have tested that configuration so you will have to do your own testing and QA.
Sander Steffann over 9 years

PS: if you also have Windows boxes on that network: Microsoft haa explicitly stated that turning IPv6 of is an untested and unsupported configuration.
raja over 9 years

it's not the "applications fault" programs can still load the module as they wish. You can check this by running lsmod or modprobe -l, you will still see the ipv6.ko kernel module. This allows user mode programs to access the kernel module in their code. If an admin is actually going to do this- they've instituted their own instability.
MSalters over 7 years

Sysctl.conf needed a reboot (Debian stretch/sid) but worked otherwise. (Needed to turn off IPv6 since I needed HTTPS on IPv4, and Apache only claimed 443 on tcp6)