Linux关闭IPv6方法:How to disable IPv6 on Linux

Question: I notice that one of my applications is trying to establish a connection over IPv6. But since our local network is not able to route IPv6 traffic, the IPv6 connection times out, and the application falls back to IPv4, which causes unnecessary delay. As I don't have any need for IPv6 at the moment, I would like to disable IPv6 on my Linux box. What is a proper way to turn off IPv6 on Linux?

IPv6 has been introduced as a replacement of IPv4, the traditional 32-bit address space used in the Internet, to solve the imminent exhaustion of available IPv4 address space. However, since IPv4 has been used by every host or device connected to the Internet, it is practically impossible to switch every one of them to IPv6 overnight. Numerous IPv4 to IPv6 transition mechanisms (e.g., dual IP stack, tunneling, proxying) have been proposed to facilitate the adoption of IPv6, and many applications are being rewritten, as we speak, to add support for IPv6. One thing for sure is that IPv4 and IPv6 will inevitably coexist for the forseeable future.

Ideally the ongoing IPv6 transition process should not be visible to end users, but the mixed IPv4/IPv6 environment might sometimes cause you to encounter various hiccups originating from unintended interaction between IPv4 and IPv6. For example, you may experience timeouts from applications such as apt-get or ssh trying to unsuccessfully connecting via IPv6, DNS server accidentally dropping AAAA DNS records for IPv6, or your IPv6-capable device not compatible with your ISP's legacy IPv4 network, etc.

Of course this doesn't mean that you should blindly disable IPv6 on you Linux box. With all the benefits promised by IPv6 (e.g., more efficient routing, simpler network configuration), we as a society want to fully embrace it eventually, but as part of troubleshooting process for end-user experienced hiccups, you may try turning off IPv6 to see if indeed IPv6 is a culprit.

Here are a few techniques allowing you to disable IPv6 partially (e.g., for a certain network interface) or completely on Linux. These tips should be applicable to all major Linux distributions including Ubuntu, Debian, Linux Mint, CentOS, Fedora, RHEL, and Arch Linux.

Check if IPv6 is Enabled on Linux

All modern Linux distributions have IPv6 automatically enabled by default. To see IPv6 is activated on your Linux, use ifconfig or ip commands. If you see inet6 in the output of these commands, this means your Linux has IPv6 enabled.

$ ifconfig

$ ip addr

 

 

 

Disable IPv6 Temporarily

If you want to turn off IPv6 temporarily on your Linux system, you can use /proc file system. By temporarily, I mean that the change you make to disable IPv6 will not be preserved across reboots. IPv6 will be enabled back again after you reboot your Linux box.

To disable IPv6 for a particular network interface, use the following command.

$ sudo sh -c 'echo 1 > /proc/sys/net/ipv6/conf/<interface-name>/disable_ipv6'

For example, to disable IPv6 for eth0 interface:

$ sudo sh -c 'echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6'

 

To re-enable IPv6 back on eth0 interface:

$ sudo sh -c 'echo 0 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6'

If you want to disable IPv6 system-wide for all interfaces including loopback interface, use this command:

$ sudo sh -c 'echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6'

 

 

Disable IPv6 Permanently across Reboots

The above method does not permanently disable IPv6 across reboots. IPv6 will be activated again once you reboot your system. If you want to turn off IPv6 for good, there are several ways you can do it.

Method One

The first method is to apply the above /proc changes persistently in /etc/sysctl.conf file. That is, open /etc/sysctl.conf with a text editor, and add the following lines.

# to disable IPv6 on all interfaces system wide
net.ipv6.conf.all.disable_ipv6 = 1

# to disable IPv6 on a specific interface (e.g., eth0, lo)
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1

To activate these changes in /etc/sysctl.conf, run:

$ sudo sysctl -p /etc/sysctl.conf

Or simply reboot.

Method Two

An alternative way to disable IPv6 permanently is to pass a necessary kernel parameter via GRUB/GRUB2 during boot time.

Open /etc/default/grub with a text editor, and add ipv6.disable=1 to GRUB_CMDLINE_LINUX variable.

$ sudo vi /etc/default/grub
GRUB_CMDLINE_LINUX="xxxxx ipv6.disable=1"

In the above, xxxxx denotes any existing kernel parameter(s). Add ipv6.disable=1 after them.

 

 Finally, don't forget to apply the modified GRUB/GRUB2 settings by running:

On Debian, Ubuntu or Linux Mint:

$ sudo update-grub

On Fedora, CentOS/RHEL:

$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Now IPv6 will be completely disabled once you reboot your Linux system.

Other Optional Steps after Disabling IPv6

Here are a few optional steps you can consider after disabling IPv6. This is because while you disable IPv6 in the kernel, other programs may still try to use IPv6. In most cases, such application behaviors will not break things, but you want to disable IPv6 for them for efficiency or safety reason.

1. /etc/hosts

Depending on your setup, /etc/hosts may contain one or more IPv6 hosts and their addresses. Open /etc/hosts with a text editor, and comment out all lines which contain IPv6 hosts.

$ sudo vi /etc/hosts
# comment these IPv6 hosts
# ::1     ip6-localhost ip6-loopback
# fe00::0 ip6-localnet
# ff00::0 ip6-mcastprefix
# ff02::1 ip6-allnodes
# ff02::2 ip6-allrouters

2. Network Manager

If you are using Network Manager to manage your network settings, you can disable IPv6 on Network Manager as follows. On Network Manager, open the wired connection for which you want to disable IPv6, click on IPv6 Settings tab, and choose Ignore in Method field. Save the change and exit.

 

 

3. SSH server

By default, OpenSSH server (sshd) tries to bind on both IPv4 and IPv6 addresses. To force sshd to bind only on IPv4 address, open /etc/ssh/sshd_config with a text editor, and add the following line. inet is for IPv4 only, and inet6 is for IPv6 only.

$ sudo vi /etc/ssh/sshd_config
AddressFamily inet

And restart sshd server.

posted @ 2021-05-27 09:14  大数据从业者FelixZh  阅读(1196)  评论(0编辑  收藏  举报