Disable IPv6: Difference between revisions

From Notes to self
Jump to navigation Jump to search
← Older edit
Verbovet (talk | contribs)
Bureaucrats, Interface administrators, Administrators
2,627 edits
No edit summary
No edit summary
 
(8 intermediate revisions by the same user not shown)
Line 7: Line 7:
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
...</pre>to prevent configuration of IPv6 for listed interfaces.
...</pre>to prevent configuration of IPv6 for listed interfaces.
*To force <code>ntpd</code> to not use IPv6 add <code>-4</code> to
*To configure glibc to prefer ipv4 over ipv6 create <code>/etc/gai.conf</code>:
<pre>CMDLINE="/usr/sbin/ntpd -4 -g"</pre>
<pre>
in <code>/etc/rc.d/rc.ntpd</code>
# Always prefer IPv4 connections
precedence ::ffff:0:0/96  100
</pre>
*Getting chrony to not use IPv6 create/edit <code>/etc/default/chrony</code>:
<pre>
CHRONYD_ARGS="-4"</pre>
*To force <code>ntpd</code> to not use IPv6 add <code>-4</code> to $NTPD_OPTS in <code>/etc/default/ntp</code>
:Also comment out 2 lines in <code>/etc/ntp.conf</code>:
<pre>#restrict -6 default limited kod nomodify notrap nopeer noquery
#restrict ::1</pre>
*To force <code>sshd</code> to listen IPv4 only add
*To force <code>sshd</code> to listen IPv4 only add
<pre>AddressFamily inet</pre>
<pre>AddressFamily inet</pre>
Line 16: Line 25:
<pre>Listen 0.0.0.0:80</pre>
<pre>Listen 0.0.0.0:80</pre>
(in <code>/etc/httpd/httpd.conf</code> and/or <code>/etc/httpd/extra/httpd-ssl.conf</code>)
(in <code>/etc/httpd/httpd.conf</code> and/or <code>/etc/httpd/extra/httpd-ssl.conf</code>)
*To disable IPv6 in <code>bind</code> add <code>-4</code> to <code>NAMED_OPTIONS</code>
*To disable IPv6 in <code>bind</code> add <code>-4</code> to <code>NAMED_OPTIONS</code> in <code>/etc/default/named</code>, add
to <code>/etc/default/named</code>, add
<pre>listen-on-v6 { none; };</pre>
<pre>listen-on-v6 { none; };</pre>
to <code>options</code> in <code>/etc/named.conf</code>, and add
to <code>options</code> in <code>/etc/named.conf</code>, and add

Latest revision as of 19:01, 27 October 2025

  • The kernel option ipv6.disable=1 disables the whole IPv6 stack
  • If using the kernel option is not possible, add the following parameters to /etc/sysctl.conf:
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
...

to prevent configuration of IPv6 for listed interfaces.

  • To configure glibc to prefer ipv4 over ipv6 create /etc/gai.conf:
# Always prefer IPv4 connections
precedence ::ffff:0:0/96  100
  • Getting chrony to not use IPv6 create/edit /etc/default/chrony:
CHRONYD_ARGS="-4"
  • To force ntpd to not use IPv6 add -4 to $NTPD_OPTS in /etc/default/ntp
Also comment out 2 lines in /etc/ntp.conf:
#restrict -6 default limited kod nomodify notrap nopeer noquery
#restrict ::1
  • To force sshd to listen IPv4 only add
AddressFamily inet

to /etc/ssh/sshd_config

  • To force httpd to listen IPv4 only, specify an IPv4 address on all Listen directives, for example,
Listen 0.0.0.0:80

(in /etc/httpd/httpd.conf and/or /etc/httpd/extra/httpd-ssl.conf)

  • To disable IPv6 in bind add -4 to NAMED_OPTIONS in /etc/default/named, add
listen-on-v6 { none; };

to options in /etc/named.conf, and add 

plugin query "/usr/lib64/named/filter-aaaa.so" {
  filter-aaaa-on-v4 yes;
  filter-aaaa-on-v6 yes;
};

after options in /etc/named.conf

  • To disable IPv6 in postfix use the option inet_protocols in /etc/postfix/main.cf
  • To disable IPv6 in sendmail use the option Family=inet in DAEMON_OPTIONS and CLIENT_OPTIONS
Retrieved from "https://alik.ejik.org/index.php?title=Disable_IPv6&oldid=2679"