IPv6 stands as the next-generation protocol designed to address the limitations of IPv4 and accommodate the ever-expanding landscape of internet-connected devices.
The following ip addr output shows a host whose interfaces have IPv6 (inet6) addresses:
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:29:a6:e3 brd ff:ff:ff:ff:ff:ff
inet 10.243.0.122/24 brd 10.243.0.255 scope global ens192
valid_lft forever preferred_lft forever
inet6 fd8c:15c7:8f26:5700:20c:29ff:fe29:a6e3/64 scope global mngtmpaddr dynamic
valid_lft 7197sec preferred_lft 3597sec
inet6 fe80::20c:29ff:fe29:a6e3/64 scope link
valid_lft forever preferred_lft forever
However, there are situations where disabling IPv6 becomes necessary, whether due to compatibility issues or security concerns:
- Compatibility Issues: Some applications or network devices may not fully support IPv6, leading to compatibility issues or performance degradation.
- Security Concerns: Disabling IPv6 can be part of a security strategy to reduce attack surface and simplify firewall configurations. The first rule for services applies here too: if you don't use it, disable it.
In this guide, we'll explore the process of disabling IPv6 on Linux systems.
Disabling IPv6 on Linux
The process of disabling IPv6 on Linux involves modifying kernel parameters using the sysctl utility. Here's a step-by-step guide to accomplish this task:
Edit the sysctl.conf File
Use a text editor (such as nano or vi) to edit the sysctl.conf file:
sudo nano /etc/sysctl.conf
Add the following line at the end of the file to disable IPv6:
net.ipv6.conf.all.disable_ipv6 = 1
Save the changes.
Apply the Changes
This change is not applied immediately. It can be applied by rebooting the system or, without rebooting, by running the following command:
sudo sysctl -p
Verify IPv6 Status
To verify that IPv6 is disabled globally, use the following command:
sysctl net.ipv6.conf.all.disable_ipv6
Check the output. If it shows net.ipv6.conf.all.disable_ipv6 = 1, IPv6 is disabled globally.
You can also list the IP addresses again; the inet6 entries should no longer be shown:
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:29:a6:e3 brd ff:ff:ff:ff:ff:ff
inet 10.243.0.122/24 brd 10.243.0.255 scope global ens192
valid_lft forever preferred_lft forever
Additional Considerations
- Interface-Specific Configuration: If you only want to disable IPv6 on specific network interfaces, you can modify the corresponding parameters in sysctl.conf or use the ifconfig or ip commands to disable IPv6 on individual interfaces.
- Restarting Network Services: In some cases, you may need to restart network services or reboot the system for the changes to take effect fully.
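The two verification steps above, extended to the per-interface settings, as an added example (not code from the original guide): it lists every entry under /proc/sys/net/ipv6/conf whose disable_ipv6 flag is not 1, and counts inet6 lines in ip addr output. The function names and the optional directory argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit that IPv6 is disabled on every interface.
# The kernel exposes net.ipv6.conf.<name>.disable_ipv6 as files under
# /proc/sys/net/ipv6/conf/<name>/disable_ipv6 ("all", "default", and one
# entry per interface).

# Print the name of each entry whose disable_ipv6 flag is not 1.
# The optional argument (hypothetical, for testing) points the check at
# another directory with the same layout.
# Exit status: 0 = every entry disabled, 1 = at least one still enabled,
#              2 = the directory does not exist.
ipv6_enabled_ifaces() {
    conf_dir="${1:-/proc/sys/net/ipv6/conf}"
    [ -d "$conf_dir" ] || return 2
    rc=0
    for f in "$conf_dir"/*/disable_ipv6; do
        # Skips the unexpanded glob when the directory has no entries.
        [ -r "$f" ] || continue
        val=$(cat "$f")
        if [ "$val" != "1" ]; then
            basename "$(dirname "$f")"
            rc=1
        fi
    done
    return $rc
}

# Count inet6 address lines in `ip addr` output supplied on stdin.
# grep -c exits non-zero when the count is 0, so the status is masked.
count_inet6() {
    grep -c '^[[:space:]]*inet6 ' || true
}

# Typical use on a live host:
#   ipv6_enabled_ifaces && echo "disable_ipv6 = 1 on all entries"
#   ip addr | count_inet6
```

An interface name printed by ipv6_enabled_ifaces means that interface can still hold IPv6 addresses even though the sysctl.conf line is present.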
Conclusion
Disabling IPv6 on Linux systems is a straightforward process that involves modifying kernel parameters via the sysctl utility. By following the steps outlined in this guide, you can effectively disable IPv6 either globally or on specific network interfaces based on your requirements.