74

How can we disable IPv6 system wide via terminal commands?

I've read editing /etc/modprobe.d/aliases and replacing:

alias net-pf-10 ipv6

with:

alias net-pf-10 off
alias ipv6 off

Is this safe to apply and does it permanently disable ipv6 across reboots?

Eric Carvalho
  • 54,385
Tinfoilhats
  • 749
  • 1
  • 5
  • 5
  • 6
    Why do you want to disable IPv6 permanently? – Anderson Green Jun 17 '13 at 23:59
  • 2
    There are absolutly (well, I can actually find one, on MS Windows) no reason to turn IPv6 off. Why would you want to do that? – Anders Jun 20 '13 at 01:00
  • Some Wi-Fi spots are very slow at IPv6, unfortunately. – NullNoname Aug 27 '13 at 03:38
  • 10
    Disabling IPv6 doesn't make you immune to IPv6 attacks. It is much better to have it enabled, deal with it and learn from it, that is the only way make your environment a bit safier. It is better for everybody to learn "How to to disable IPv4 permanently", instead.

    IPv6 is far much easier than IPv4, to begin with, there no NAT anymore, so, one less thing to manage... The Internet is growing really fast, in a few years, the IPv6 network will be bigger than IPv4, so, with IPv4, you'll be out of the real Internet. Go ahead man! Upgrade your IP!! Change is a good thing.

     – ThiagoCMC Feb 24 '14 at 06:12
  • BTW, take a look at the "RFC 7123", it is about "Security Implications of IPv6 on IPv4 Networks", cheers! – ThiagoCMC Feb 24 '14 at 06:52
  • 2
    @AndersonGreen I need to do this. Bug Workaround, wireless won't connect in newer Ubuntu versions with it enabled, works fine when disabled – cmc Nov 21 '14 at 11:18
  • @cmc Exactly! So true. – Lonnie Best Aug 20 '15 at 03:57
  • 11
    @JonathanS.Fisher and others - These comments are no helpful. Just because you may not be aware of a reason to disable IPv6, doesn't mean there isn't one. One major case is for VPN services that don't support IPv6. If you don't disable it, you will leak your IPv6 address. – Scone Jan 26 '17 at 01:44
  • 1
    I disagree... the safest thing to do is to disable it on your systems, and drop the packets at your routers. From a person managing a network, I have better things to worry about. I'll revisit the situation in 10 years, if it manages to ever take off. – Jonathan S. Fisher Jan 26 '17 at 21:50
  • 2
    I work in the IoT world. IPv6 is a pain in my ass. I turn it off always. Slows things down, slows boot time, at times you end up with multiple IP's per device which creates issues in some networks, cause for security concern, need to document IPv6 in technical documentation if you end up using it, and there really is no advantage to IPv6 at this time, etc. I can turn it on on a use-case basis if needed. – John May 04 '17 at 20:43
  • see here: https://unix.stackexchange.com/a/190189 – mchid May 21 '17 at 20:32
  • 1
    I turned it off because apt get was failing while trying to use ipv6, due to timeouts. ipv4 worked just fine. – hoffmanc Sep 11 '18 at 15:06
  • Another reason to turn it off is to work around bugs. My product once used some third-party code that had bugs in the case of IPv6 addresses and we didn't have access to the source code at that time so we couldn't fix them by ourselves. Meanwhile, we needed to deliver the product to our customers so at that time the best thing was to disable IPv6. We re-enabled IPv6 after we fixed the bugs in the third-party code eventually. – yaobin May 06 '21 at 15:48

6 Answers6

91

I successfully disabled IPv6 once putting the following lines in /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

also run this command to load changes

sudo sysctl -p
abu_bua
  • 10,783
Eric Carvalho
  • 54,385
  • Uubuntu on VMware can't be ping, and I close the ipv6 on Ubuntu, it is ok now. – Honghe.Wu Oct 16 '13 at 08:10
  • 14
    After these adding lines to sysctl.conf, run sudo sysctl -p or reboot to let changes take effect. – Rajat Gupta Mar 13 '14 at 18:14
  • 6
    I need to do this only on wireless as a bug workaround so I can connect again. Here's how to do it for one adapter only: net.ipv6.conf.wlan0.disable_ipv6 = 1 – cmc Nov 21 '14 at 11:20
  • This didn't work for me on UbuntuMate 16.10. I had to specific the Wifi interface specifically, similar to how @cmc suggests above. – Scone Jan 26 '17 at 01:45
  • 2
    This does not work on Ubuntu 17.10. See NullNoname comment below for the grub fix. – Luke Jan 01 '18 at 04:54
  • I just did this on my Kubuntu 17.10 install. Added the lines mentioned in parent comment, then ran sudo sysctl -p and voila, I'm no longer leaking on any of the tests I've run test-ipv6, whatsmyipaddress, ipleak – Edward Alekos Mar 13 '18 at 08:42
  • 3
    Doesn't work on Ubuntu 16.04 as well. Grub method works. – Penghe Geng Mar 26 '18 at 21:12
  • bash: net.ipv6.conf.all.disable_ipv6: command not found –  May 02 '18 at 03:24
  • 1
    @hellomoto That's not a command. You have to put those lines in the file /etc/sysctl.conf. – Eric Carvalho May 02 '18 at 04:56
  • This solved a problem I suddenly began experiencing with Linux Mint 18.3 32-bit update manager and updating apt repositories. But it annoys / worries me that this became necessary. Wish I understood why formerly working apt / apt-get / update manager suddenly had problems accessing repos... – RBV Feb 15 '19 at 20:10
  • This worked for me on Ubuntu 16.04 for the current session, but I haven't rebooted my system since to see if it would survive the reboot. – FKEinternet Feb 17 '21 at 00:56
  • I use a vpn and this command doesn't help switch to ipv4, while my android phone use the same vpn and can get ipv4 and hidden location. – Dimitri Kopriwa Aug 31 '22 at 12:21
  • this fix, on 22.04 LTS, does not persist on my VMs on vSphere. How do I run sysctl -p at boot? – AG6HQ Oct 23 '23 at 23:23
72

If your PC doesn't load /etc/sysctl.conf at boot time (which is the case for me), disabling IPv6 from grub is needed. Linux kernel has a boot option named "ipv6.disable=1" which disables IPv6 from startup.

To edit the boot options, edit "/etc/default/grub" with any text editor as root user:

sudo nano /etc/default/grub

Find the line that contain "GRUB_CMDLINE_LINUX_DEFAULT":

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

Add "ipv6.disable=1" to the boot option, then save your grub file:

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"

Finally, update grub:

sudo update-grub
NullNoname
  • 1,391
  • 12
  • 13
  • 12
    +1 this works and disables IPv6 completely, so there are no traces of /proc/sys/net/ipv6/ left which may produce problems like X11 forwarding request failed because sshd tries to bind to a non-configured IPv6 interface. Note that similarly you can get rid of IPv4 this way on pure IPv6 VMs. Thanks. – Tino May 29 '14 at 07:48
  • 2
    This works for me on 20.10. A cleaner way is to create a file /etc/default/grub.d/disable-ipv6.cfg with the contents GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} ipv6.disable=1". Don't forget update-grub. – schieferstapel Feb 21 '21 at 10:28
  • @Tino did a find a solution to the sshd problem? – Abhishek Anand Feb 28 '21 at 18:07
  • @AbhishekAnand There might be, but I tried nothing else, as disabling IPv6 at boot time fixes it for me. – Tino Mar 01 '21 at 02:07
  • @schieferstapel on ubuntu 18.04 now my system wont boot anymore after creating your file – Freedo May 28 '21 at 07:15
  • Ubuntu 20 VM: This was the only functional way for me. sysctl.conf didn't help. – Moonchild Nov 25 '21 at 13:48
  • This should be the first answer as this is the only way I have found after hours that guarantee ipv6 will be disabled. – Dimitri Kopriwa Aug 31 '22 at 12:49
10

Carvalho's answer including the comment about having to run sudo sysctl -p has helped me the most.

However, in my case at least:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.<mydevice>.disable_ipv6 = 1

and it seems the second line was necessary.

Maybe this has to do with the fact that I am using the TP-Link Archer T2U, for which I had to customly build a driver from source.

My assumption is that as a result, <mydevice> doesn't count as one of "all".

So, in a nutshell, if you have customly added a (custom) networking driver, net.ipv6.conf.all.disable_ipv6 = 1 might not be sufficient to disable IPv6 networking.

Have to admit though, that I didn't try the line net.ipv6.conf.default.disable_ipv6 = 1.

yaobin
  • 369
polynomial_donut
  • 239
  • 2
    Upvote for mentioning that disabling different devices is sometimes required. – Scone Jan 26 '17 at 01:47
  • The lack of the default line is probably the problem here. If your driver wasn't loaded yet at the point in the boot process when the sysctl was executed, then it wasn't included in all -- but setting the default would have meant it would have gotten the setting later, when it was loaded. – Charles Duffy Mar 15 '17 at 20:11
  • 2
    I had the default entry and I had to configure the specific device to successfully disable it. – Alfonso Nishikawa May 14 '18 at 18:55
9

Here's how to check to see if ipv6 is enabled on your computer

test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"

If you see 

Running kernel is IPv6 ready

it is enabled.

If you see no output, it is not.

To disable ipv6 if the other answers on this page don't work for you, blacklist ipv6 all-together. To do this, use the following command:

echo 'blacklist ipv6' | sudo tee -a '/etc/modprobe.d/blacklist.local' >/dev/null

Also, this might help as well:

echo 'install ipv6 /bin/true' | sudo tee -a '/etc/modprobe.d/blacklist.local' >/dev/null

Reboot for the changes to take effect. To check if it's enabled after startup run this command again:

test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"

There should be no output.

Click here for info on how to disable IPV6 at boot.

mchid
  • 43,546
  • 8
  • 97
  • 150
  • This answer assumes that the kernels ipv6 feature is a kernel module (using blacklist.local to prevent its loading). There is a case that ipv6 is compiled into the kernel (not a module) in which case it is necessary to boot the kernel with ipv6.disable=1 boot paremeter (to do so one would: (1) sudo gedit /etc/default/grub (2) search for the line GRUB_CMDLINE_LINUX_DEFAULT=<args> and (3) add ipv6.disable=1 to the boot parameters ) – humanityANDpeace May 19 '17 at 10:32
  • @humanityANDpeace You may be interested in this more comprehensive answer: https://unix.stackexchange.com/a/190189 – mchid May 21 '17 at 20:29
8

If you are using a modern version (I'm on 16.04 LTS) of Ubuntu then you can use this tidy solution:

Create /etc/sysctl.d/60-ipv6-disable.conf containing the following text:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Run service procps start

user10550
  • 191
  • 2
    this is the cleanest way to do it - don't understand why was downvoted. it works on fedora/centos/redhat, too. it has the advantage that it does not alter system defaults files (like directly sysctl.conf as suggested in most popular answer) – Costin Gușă Nov 09 '17 at 09:23
  • @Costin I didn't downvote, but this won't always work. Sometimes you have to put the specific device name (e.g. in case of custom driver installations). See Alfonso Nishikawas comment on my answer. – polynomial_donut Oct 03 '18 at 19:09
  • I'm thankful I followed this approach, because I ended up losing my connection on a remote server (it needed IPv6), and it was very easy to direct my assistant on site to remove the one file and reboot. – Roger Dueck Mar 02 '19 at 15:32
  • 1
    i had to run service procps restart instead on ubuntu 18.04 – iPherian May 28 '19 at 02:12
  • Putting it in sysctl.d doesn't persist through reboots, in my experience. – Stefan Lasiewski Nov 07 '20 at 00:21
0

On a raspberry pi running Ubuntu, prepend

ipv6.disable=1

to

/boot/firmware/cmdline.txt

to disable IPv6 at the kernel level.

Chadi
  • 179
  • 5