How to disable autoconfiguration on IPv6 in Linux?
How can I permanently disable autoconfiguration of IPv6 in Linux? When I try to manually delete an address from an interface with:
ip -6 addr del 2001:0db8:85a3:0000:0000:8a2e:0370:7334/64 dev eth1
it will reappear a few seconds later. I want it to be gone permanently, but without disabling IPv6 altogether.
Auto configuration can be disabled temporarily for eth1 with:
sudo sysctl -w net.ipv6.conf.eth1.autoconf=0
sudo sysctl -w net.ipv6.conf.eth1.accept_ra=0
or for all interfaces with:
sudo sysctl -w net.ipv6.conf.all.autoconf=0
sudo sysctl -w net.ipv6.conf.all.accept_ra=0
Reenabling works by using 1 instead of 0 in the call.
Disabling it permanently can be done with an entry to /etc/sysctl.conf. On Debian Etch (probably on newer too), without setting the accept_ra, the system will autoconfigure using the Link local address (fe80..)
As Gart mentioned below, automatic address configuration and router discovery will be disabled if the host itself is a router and accept_ra is not 2, i.e.
where iface is your interface
Also, automatic address configuration and router discovery will be disabled if the host itself is a router, i.e net.ipv6.conf.all.forwarding=1 is set.
The sysctl solution did not work for us on Ubuntu 18.04 Bionic. We solved it by:
Editing /etc/netplan/01-netcfg.yaml, configure:
network:
  .
  ethernets:
    eth0:
      .
      dhcp6: no
      accept-ra: no
You may need to use your interface name instead of eth0. After you save the file execute:
If you already have received an IPv6 IP from autoconfiguration and you want to remove it without rebooting, you can execute:
ip -6 addr del 1111:2222:1:0:aaaa:bbbb:cccc:dddd/64 dev eth0
Of course you need to replace the IP and device in this command.
This worked when I tried it, but the problem is turning accept-ra off is quite dangerous, as mentioned by Mark S — it appears to work but later you may find you’re missing packets because they hit a fragmentation point or a failover router is used. Also it breaks pings. The reason I was trying to do this was to reliably match my SPF record in outgoing mail but then I realised I should have been using a netmask in the record instead because in IPv6 a range of addresses effectively belongs to a machine, not a single address.
net.ipv6.conf.all.accept_ra=0 above should not be done, as RAs are necessary for indication of on-link and off-link for the prefix (as per RFC5942), as well as automated configuration of a number of other parameters, such as MTU, Neighbor Discovery timeouts etc.
If you want to disable autoconfiguration, either set the autoconf sysctl off as above, or switch off the A (autoconfiguration bit) in the Prefix Information Option (PIO) in the RA.
sudo sysctl -w net.ipv6.conf.all.autoconf=0
This didn’t work for me on Debian Wheezy. After examining /etc/sysctl.conf I needed to use
sudo sysctl -w net.ipv6.conf.default.autoconf=0
The kernel only propagates some net.ipv6.conf.all parameters to all interfaces. Some parameters which need to be present at interface creation time will not be honored here, by design. bugzilla.kernel.org/show_bug.cgi?id=9224
The problem with Ubuntu 18 and ipv6 is that systemd-networkd controls kernel parameters, so though one might disable ipv6 with sysctl, networkd will be more than happy switching them on for you, if the configuration does not state otherwise.
My solution to disable ipv6 is to configure link-local in netplan to an empty scalar (provided you have no link-local ipv4 IPs)
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      ..
      link-local: [ ]
The configuration will compile configuration for networkd that will be posted in /run/systemd/network/10-netplan-eth0.network and that will convince networkd not to put up ipv6 for eth0
If you may want to disable ipv6 also on the loopback, it is easily achieved by setting the kernel parameter net.ipv6.conf.all.disable_ipv6 to 1. networkd does not seem to control loopback.
sysctl -w net.ipv6.conf.all.disable_ipv6=1
I really like your very clean solution. As we don’t use link-local addresses, adding the empty scalar is the perfect solution. After this, we had to reboot the server as netplan apply kept the already assigned IPv6 addresses on both of our ethernet interfaces. But after reboot, everything works just like you said. I don’t think there is a reason to bother with disabling IPv6 on the loopback interface, so I just skipped the sysctl part. Thanks!
I just ran into an odd issue with this. Normally, I disable autoconf by setting autoconf=0 for all pertinent interfaces in sysctl.conf, like so:
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.bond0.autoconf = 0
net.ipv6.conf.bond1.autoconf = 0
Normally, that’s enough. However, I just ran into some servers (Rocky 8.6 and 8.7) where this is not working consistently. bond0 would come up with a SLAAC address on boot-up, but it would eventually age out and expire. But on reboot, it would be back. bond1, oddly enough, would have no such problem. After fighting with it for a while, the thing that seemed to fix it was adding this to sysctl:
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.all.accept_ra_pinfo = 0
net.ipv6.conf.bond0.accept_ra_pinfo = 0
net.ipv6.conf.bond1.accept_ra_pinfo = 0
This tells it to ignore the prefix info sent in the RADV.
Feels something like a kernel bug to me. Disabling ‘autoconf’ parameters in sysctl should, in fact, be enough to actually disable autoconf (otherwise, WTF is the purpose of that parameter?). Also disabling «other things» just to make this work as expected just seems wrong. At any rate, this worked for me, and seems like a safer option than disabling accept_ra entirely.
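The checks discussed in the answers above (per-interface values versus all/default, accept_ra combined with forwarding, accept_ra_pinfo, autoconf), as an added example that is not part of the original answers: a POSIX shell audit that reports, per interface, whether kernel SLAAC is still possible and which setting blocks it. The function names and the sample tree built by mk_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the per-interface values the kernel actually uses.
# "all" and "default" are skipped because they are not reliably propagated.

rd() {  # rd <dir> <key>: print one sysctl value, or "?" if unreadable
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo "?"; fi
}

# slaac_status <conf_root> <iface>: prints slaac-possible or slaac-off:<reason>
slaac_status() {
    d="$1/$2"
    [ -d "$d" ] || { echo "unknown-interface"; return 1; }
    ra=$(rd "$d" accept_ra)
    if [ "$(rd "$d" disable_ipv6)" = "1" ]; then
        echo "slaac-off:disable_ipv6"
    elif [ "$ra" = "0" ]; then
        echo "slaac-off:accept_ra"
    elif [ "$(rd "$d" forwarding)" = "1" ] && [ "$ra" != "2" ]; then
        echo "slaac-off:forwarding"      # a router ignores RAs unless accept_ra=2
    elif [ "$(rd "$d" accept_ra_pinfo)" = "0" ]; then
        echo "slaac-off:accept_ra_pinfo" # prefix information in the RA is ignored
    elif [ "$(rd "$d" autoconf)" = "0" ]; then
        echo "slaac-off:autoconf"
    else
        echo "slaac-possible"
    fi
}

audit() {  # audit <conf_root>: one line per real interface
    for p in "$1"/*/; do
        i=$(basename "$p")
        case "$i" in all|default) continue ;; esac
        printf '%s %s\n' "$i" "$(slaac_status "$1" "$i")"
    done
}

mk_sample() {  # mk_sample <dir>: constructed tree mimicking /proc/sys/net/ipv6/conf
    root=$1
    # columns: iface autoconf accept_ra accept_ra_pinfo forwarding
    for spec in "all 0 1 1 0" "default 0 1 1 0" "eth0 0 1 1 0" \
                "eth1 1 1 1 0" "bond0 1 1 0 0" "wan0 1 1 1 1"; do
        set -- $spec
        mkdir -p "$root/$1"
        echo 0 > "$root/$1/disable_ipv6"; echo "$2" > "$root/$1/autoconf"
        echo "$3" > "$root/$1/accept_ra"; echo "$4" > "$root/$1/accept_ra_pinfo"
        echo "$5" > "$root/$1/forwarding"
    done
}

# Demo on the constructed tree; on a live host: audit /proc/sys/net/ipv6/conf
t=$(mktemp -d) && mk_sample "$t" && audit "$t"; rm -rf "$t"
```

In the sample, eth1 stays slaac-possible even though all.autoconf and default.autoconf are 0, which is the propagation gap described above. The audit reflects kernel sysctls only; where networkd manages these settings, as in the Ubuntu 18.04 answers, check its configuration as well.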
How to disable IP version 6 in Linux
Updated: 16.05.2020 Published: 23.03.2019
IPv6 cannot always be used on a system. Moreover, it can cause problems when accessing the loopback (127.0.0.1): requests may go to the address ::1, which can cause some applications to work incorrectly.
This guide uses universal methods that suit various systems, for example Ubuntu, CentOS, Debian, Red Hat and so on.
Disabling via the Linux kernel
The fastest way to disable IPv6 is through kernel settings. This is a universal method and it suits many Linux-based distributions.
Globally (for all interfaces)
Create or open the file:
* 99-sysctl.conf is the main configuration file, and 10-ipv6-privacy.conf in the sysctl.d directory is a supplementary one. For convenience, it is better to use the latter.
Add the following lines:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
If you changed the file /etc/sysctl.d/99-sysctl.conf:
If you changed the file /etc/sysctl.d/10-ipv6-privacy.conf:
sysctl -p /etc/sysctl.d/10-ipv6-privacy.conf
Check that only IPv4 addresses remain:
For a specific interface
If you need to disable IPv6 for only one interface, for example eth0, again open the kernel settings.
How to dynamically enable and disable ipv6 on an interface
How to dynamically enable and disable IPv6 on an interface so that it gets link local address when enabled? I have tried: sysctl net.ipv6.conf.all.disable_ipv6=1 to disable IPv6 and sysctl net.ipv6.conf.all.disable_ipv6=0 to enable IPv6. Are there any other ways?
and add these lines to sysctl.conf file
#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
Save sysctl.conf file with new config and run the following command to enable the new settings:
$ cat /proc/sys/net/ipv6/conf/all/disable_ipv6
Now you should see "1", which means IPv6 has been disabled on your system.
I think your approach is valid as it is. You could use the per-interface settings if you don’t want to change settings for every interface, e.g. net.ipv6.conf.eth0.disable_ipv6
I wouldn’t recommend touching anything else.
To turn off IPv6 in Ubuntu 11.04
Firstly, On or off, check it out
$ ifconfig -a
eth0      Link encap:Ethernet HWaddr
          inet addr: Bcast: Mask:
          **inet6** addr: fe80::210:f3ff:fe21:722a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:982 errors:0 dropped:0 overruns:0 frame:0
          TX packets:943 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:800461 (800.4 KB) TX bytes:144524 (144.5 KB)
          Interrupt:20 Memory:f7d00000-f7d20000
eth1      Link encap:Ethernet HWaddr
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
          Interrupt:16 Memory:f7c00000-f7c20000
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          **inet6** addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1200 (1.2 KB) TX bytes:1200 (1.2 KB)
Secondly, Turn off, I modified the line as following and patched the grub
$ grep ipv6 /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
$ update-grub
Generating grub.cfg .
Found linux image: /boot/vmlinuz-2.6.38-11-generic-pae
Found initrd image: /boot/initrd.img-2.6.38-11-generic-pae
Found memtest86+ image: /boot/memtest86+.bin
done