{"id":7094,"date":"2017-10-12T23:43:42","date_gmt":"2017-10-12T15:43:42","guid":{"rendered":"http:\/\/rmohan.com\/?p=7094"},"modified":"2017-10-12T23:45:22","modified_gmt":"2017-10-12T15:45:22","slug":"disable-or-enable-the-ipv6-protocol","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7094","title":{"rendered":"Disable or enable the IPv6 protocol"},"content":{"rendered":"

Disable or enable the IPv6 protocol <\/strong><\/p>\n

Disabling IPv6 support in Red Hat Enterprise Linux 7<\/strong><\/p>\n

Disable ipv6 built-in kernel module.<\/p>\n

Edit \/etc\/default\/grub and append ipv6.disable=1 to GRUB_CMDLINE_LINUX like the following sample:
\n Raw<\/p>\n

GRUB_CMDLINE_LINUX=”rd.lvm.lv=rhel\/swap crashkernel=auto rd.lvm.lv=rhel\/root ipv6.disable=1″<\/p>\n

Run the grub2-mkconfig command to regenerate the grub.cfg file:
\n Raw<\/p>\n

# grub2-mkconfig -o \/boot\/grub2\/grub.cfg<\/p>\n

Alternatively, on UEFI systems, run the following:
\n Raw<\/p>\n

# grub2-mkconfig -o \/boot\/efi\/EFI\/redhat\/grub.cfg<\/p>\n

Reboot the system to disable IPv6 support.
\n Note: While following above method if you notice any Selinux denied messages in audit.log file such as avc: denied { module_request } then disable the ipv6 from \/etc\/sysctl.d\/ipv6.conf file shown below instead.<\/p>\n

Alternatively, this can be done via sysctl settings. Please be aware that this breaks SSH Xforwarding unless sshd_config contains AddressFamily inet.<\/p>\n

Create a new file named \/etc\/sysctl.d\/ipv6.conf and add the following options:
\n Raw<\/p>\n

# To disable for all interfaces
\n net.ipv6.conf.all.disable_ipv6 = 1
\n # the protocol can be disabled for specific interfaces as well.
\n net.ipv6.conf..disable_ipv6 = 1<\/p>\n

The new settings would then need to be reloaded with:
\n Raw<\/p>\n

# sysctl -p \/etc\/sysctl.d\/ipv6.conf<\/p>\n

Then rebuild the Initial RAM Disk Image using:
\n Raw<\/p>\n

# dracut -f<\/p>\n

Optionally to prevent rpc* messages output after disabling ipv6, edit \/etc\/netconfig for the lines starting with udp6 and tcp6; change the “v” in the third column to “-“(hyphen\/dash). Please refer to rpc* messages output after disabling ipv6.
\nRe-enabling IPv6 support in Red Hat Enterprise Linux 7<\/p>\n

Edit \/etc\/default\/grub and delete the entry ipv6.disable=1 from the GRUB_CMDLINE_LINUX, like the following sample:
\n Raw<\/p>\n

GRUB_CMDLINE_LINUX=”rd.lvm.lv=rhel\/swap crashkernel=auto rd.lvm.lv=rhel\/root”<\/p>\n

Run the grub2-mkconfig command to regenerate the grub.cfg file:
\n Raw<\/p>\n

# grub2-mkconfig -o \/boot\/grub2\/grub.cfg<\/p>\n

Alternatively, on UEFI systems, run the following:
\n Raw<\/p>\n

# grub2-mkconfig -o \/boot\/efi\/EFI\/redhat\/grub.cfg<\/p>\n

Delete the file \/etc\/sysctl.d\/ipv6.conf which contains the entry:
\n Raw<\/p>\n

# To disable for all interfaces
\n net.ipv6.conf.all.disable_ipv6 = 1
\n # the protocol can be disabled for specific interfaces as well.
\n net.ipv6.conf..disable_ipv6 = 1<\/p>\n

If the Initial RAM Disk image was created earlier while disabling IPv6 , only then carry out this step.
\n Raw<\/p>\n

# dracut -f<\/p>\n

Check the content of the file \/etc\/ssh\/sshd_config and make sure the AddressFamily line is commented:
\n Raw<\/p>\n

#AddressFamily inet<\/p>\n

Make sure the following line exists in \/etc\/hosts, and is not commented out:
\n Raw<\/p>\n

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6<\/p>\n

Reboot the system to enable IPv6 support.<\/p>\n

Disabling IPv6 support in Red Hat Enterprise Linux 6<\/p>\n

Create a file \/etc\/modprobe.d\/ipv6.conf with the following contents:
\n Raw<\/p>\n

options ipv6 disable=1<\/p>\n

Disable the ip6tables service from starting at boot by issuing the following command:
\n Raw<\/p>\n

# chkconfig ip6tables off<\/p>\n

Alternatively, the IPv6 support can also be disabled in the kernel through \/etc\/sysctl.conf by setting following parameter:
\n Raw<\/p>\n

# IPv6 support in the kernel, set to 0 by default
\n net.ipv6.conf.all.disable_ipv6 = 1
\n net.ipv6.conf.default.disable_ipv6 = 1<\/p>\n

Please be aware that this breaks SSH Xforwarding unless AddressFamily inet is set in sshd_config.<\/p>\n

Comment out any IPv6 addresses found in \/etc\/hosts, including ::1 localhost address
\n Raw<\/p>\n

# cp -p \/etc\/hosts \/etc\/hosts.disableipv6
\n # sed -i ‘s\/^[[:space:]]*::\/#::\/’ \/etc\/hosts<\/p>\n

Optionally to prevent rpc.nfsd setting up IPv6 sockets while NFS server is running, edit \/etc\/netconfig for the lines starting with udp6 and tcp6; change the “v” in the third column to “-“(hyphen\/dash)<\/p>\n

Reboot the system to disable IPv6 support.<\/p>\n

Note: The solution above only disables (unhooks all of the calls) the ipv6 module, but doesn’t prevent it from loading. Unloading the module isn’t recommended due to the dependency factors it has with other modules (for example: bonding) and services. To prevent the module from loading, modify \/etc\/modprobe.d\/ipv6.conf with the following contents:
\nRaw<\/p>\n

install ipv6 \/bin\/true<\/p>\n

Disabling ipv6 in the sysctl.conf will ensure ipv6 isn’t used even if the ipv6 module is loaded and can work as a short term solution (until a full reboot)
\n There is a special case where this might not work, please see The “ipv6 disable=1” option does not seem to work on Red Hat Enterprise Linux 6 system.<\/p>\n

Re-enabling IPv6 support in Red Hat Enterprise Linux 6<\/p>\n

Review the files under \/etc\/modprobe.d\/ and remove (or comment out) any of the following lines:
\n Raw<\/p>\n

options ipv6 disable=1
\n install ipv6 \/bin\/true
\n blacklist ipv6
\n alias ipv6 off<\/p>\n

Configure the ip6tables service to start at boot by issuing the following command:
\n Raw<\/p>\n

# chkconfig ip6tables on<\/p>\n

Make sure the following options to your \/etc\/sysctl.conf are set to default value ‘0’
\n Raw<\/p>\n

# ipv6 support in the kernel, set to 0 by default
\n net.ipv6.conf.all.disable_ipv6 = 0
\n net.ipv6.conf.default.disable_ipv6 = 0<\/p>\n

Make sure the following line exists in \/etc\/hosts and is not commented out:
\n Raw<\/p>\n

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6<\/p>\n

Edit \/etc\/netconfig for the lines starting with udp6 and tcp6; change the “-“(hyphen\/dash) in the third column to “v”<\/p>\n

Reboot the system to activate IPv6 support.<\/p>\n

Disabling IPv6 support in Red Hat Enterprise Linux 5<\/p>\n

Remove the following line (if present) from the \/etc\/modprobe.conf file:
\n Raw<\/p>\n

alias net-pf-10 ipv6<\/p>\n

Add the following line to the \/etc\/modprobe.conf file:
\n Raw<\/p>\n

alias net-pf-10 off<\/p>\n

In versions of Red Hat Enterprise Linux before 5.4, add the following line to the \/etc\/modprobe.conf file:
\n Raw<\/p>\n

alias ipv6 off<\/p>\n

In Red Hat Enterprise Linux 5.4 and later, add the following line to the \/etc\/modprobe.conf file:
\n Raw<\/p>\n

options ipv6 disable=1<\/p>\n

To prevent errors during the network initscript start routine, change the NETWORKING_IPV6 parameter in the \/etc\/sysconfig\/network file to the following:
\n Raw<\/p>\n

NETWORKING_IPV6=no<\/p>\n

Comment out any IPv6 addresses found in \/etc\/hosts, including ::1 localhost address
\n Raw<\/p>\n

# cp -p \/etc\/hosts \/etc\/hosts.disableipv6
\n # sed -i ‘s\/^[[:space:]]*::\/#::\/’ \/etc\/hosts<\/p>\n

Disable the ip6tables service from starting at boot by issuing the following command:
\n Raw<\/p>\n

# chkconfig ip6tables off<\/p>\n

Reboot the system to disable IPv6 support.<\/p>\n

Re-enabling IPv6 support in Red Hat Enterprise Linux 5<\/p>\n

Remove the following lines (if present) from the \/etc\/modprobe.conf file:
\n Raw<\/p>\n

alias net-pf-10 off
\n alias ipv6 off
\n options ipv6 disable=1<\/p>\n

Add the following line to the \/etc\/modprobe.conf file (if not present already):
\n Raw<\/p>\n

alias net-pf-10 ipv6<\/p>\n

Change the NETWORKING_IPV6 parameter in the \/etc\/sysconfig\/network file to the following:
\n Raw<\/p>\n

NETWORKING_IPV6=yes<\/p>\n

Make sure the following line exists in \/etc\/hosts and is not commented out:
\n Raw<\/p>\n

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6<\/p>\n

Configure the ip6tables service to start at boot by issuing the following command:
\n Raw<\/p>\n

# chkconfig ip6tables on<\/p>\n

Reboot the system to re-enable IPv6 support.<\/p>\n

Disabling IPv6 support in Red Hat Enterprise Linux 4<\/p>\n

Remove the following line (if present) from the \/etc\/modprobe.conf file:
\n Raw<\/p>\n

alias net-pf-10 ipv6<\/p>\n

Add the following line to the \/etc\/modprobe.conf file:
\n Raw<\/p>\n

alias net-pf-10 off<\/p>\n

Comment out any IPv6 addresses found in \/etc\/hosts, including ::1 localhost address
\n Raw<\/p>\n

# cp -p \/etc\/hosts \/etc\/hosts.disableipv6
\n # sed -i ‘s\/^[[:space:]]*::\/#::\/’ \/etc\/hosts<\/p>\n

Reboot the system to disable IPv6 support.<\/p>\n

Re-enabling IPv6 support in Red Hat Enterprise Linux 4<\/p>\n

Remove the following line from the \/etc\/modprobe.conf file:
\n Raw<\/p>\n

alias net-pf-10 off<\/p>\n

Add the following line to the \/etc\/modprobe.conf file:
\n Raw<\/p>\n

alias net-pf-10 ipv6<\/p>\n

Make sure the following line exists in \/etc\/hosts, and is not commented out.
\n Raw<\/p>\n

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6<\/p>\n

Reboot the system to re-enable IPv6 support.<\/p>\n

Additional notes<\/p>\n

Disabling IPv6 by blacklisting the module invalidates bonding in the system.<\/p>\n","protected":false},"excerpt":{"rendered":"

Disable or enable the IPv6 protocol <\/p>\n

Disabling IPv6 support in Red Hat Enterprise Linux 7<\/p>\n

Disable ipv6 built-in kernel module.<\/p>\n

Edit \/etc\/default\/grub and append ipv6.disable=1 to GRUB_CMDLINE_LINUX like the following sample: Raw<\/p>\n

GRUB_CMDLINE_LINUX=”rd.lvm.lv=rhel\/swap crashkernel=auto rd.lvm.lv=rhel\/root ipv6.disable=1″<\/p>\n

Run the grub2-mkconfig command to regenerate the grub.cfg file: Raw<\/p>\n

# grub2-mkconfig -o […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,73],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7094"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7094"}],"version-history":[{"count":2,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7094\/revisions"}],"predecessor-version":[{"id":7096,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7094\/revisions\/7096"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}