• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How to Disable IPv6 in CentOS/RHEL 8

by admin

By default, IPv6 is enabled on CentOS/RHEL 8 systems. However, in certain situations, some users may find it desirable to disable IPv6 support. This post outlines steps to disable ipv6 on a CentOS/RHEL 8 system.

For systems Using NetworkManager

For all systems that run NetworkManager, IPv6 must be disabled on each interface with the option ipv6.method set to disabled. This step must be done in addition to IPv6 being disabled using the method shown in the next section below.

# nmcli connection modify [Connection Name] ipv6.method "disabled"

Method 1: Using GRUB2

1. Disable ipv6 built-in kernel module. Edit /etc/default/grub and append ipv6.disable=1 to GRUB_CMDLINE_LINUX as shown below:

GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root ipv6.disable=1"

2. Run the grub2-mkconfig command to regenerate the grub.cfg file:

# grub2-mkconfig -o /boot/grub2/grub.cfg

Alternatively, on UEFI systems, run the following:

# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg

3. Reboot the system to disable IPv6 support.

# systemctl reboot

Method 2: Using sysctl

Alternatively, this can be done via the sysctl settings as well. Please be aware that this breaks SSH Xforwarding unless sshd_config contains AddressFamily inet.

1. Create a new file named /etc/sysctl.d/ipv6.conf and add the following options:

# vi /etc/sysctl.d/ipv6.conf
# First, disable for all interfaces
net.ipv6.conf.all.disable_ipv6 = 1
# If using the sysctl method, the protocol must be disabled all specific interfaces as well. 
net.ipv6.conf..disable_ipv6 = 1

2. The new settings would then need to be reloaded with:

# sysctl -p /etc/sysctl.d/ipv6.conf

3. Create a backup of the initramfs before making any changes to it:

# cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).bak.$(date +%m-%d-%H%M%S).img

4. Then rebuild the Initial RAM Disk Image using:

# dracut -f -v

5. Verifying file inclusion:

# lsinitrd /boot/initramfs-[version].img  | grep 'etc/sysctl.d/ipv6.conf'

6. Comment out any IPv6 addresses found in /etc/hosts, including ::1 localhost address. Make backup of the file before making any changes:

# cp -p /etc/hosts /etc/hosts.disableipv6
# sed -i 's/^[[:space:]]*::/#::/' /etc/hosts

Verification

1. The current state of the ipv6 module disable option can be seen via sysfs:

# cat /sys/module/ipv6/parameters/disable
1

2. The current state of the sysctl disable_ipv6 can be seen with the sysctl command:

# sysctl -a 2>/dev/null | grep disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0

3. To list any IPv6 addresses assigned to the system:

# ip -6 addr

4. To list any IPv6 TCP or UDP sockets something like the following can be used:

# ss -6 -pan

The Conclusion

In case, you notice any Selinux denied messages in audit.log file such as avc: denied { module_request }, while using Method 1(GRUB2), then disable the ipv6 from /etc/sysctl.d/ipv6.conf file as shown in the Method 2. Optionally to prevent rpc* messages output after disabling ipv6, edit /etc/netconfig for the lines starting with udp6 and tcp6; change the “v” in the third column to “-“(hyphen/dash).

How to Enable IPv6 in CentOS/RHEL 8

Filed Under: CentOS/RHEL, CentOS/RHEL 8, Linux

Some more articles you might also be interested in …

  1. How to Change Password Of An LXC Container User Account
  2. Linux OS Service ‘anacron’
  3. netstat Command Examples in Linux
  4. Audit Log And Messages File Not Rotating on CentOS/RHEL
  5. “yum update” fails with “[package version 1] is a duplicate with [package version 2]”
  6. Linux OS Service ‘sshd’
  7. How to Find Filesystem Inode Utilization in Linux
  8. How to install and configure sosreport under CentOS / RHEL
  9. How to Enable Thin LVM Automatic Extension
  10. lspci Command Examples in Linux

You May Also Like

Primary Sidebar

Recent Posts

  • vgextend Command Examples in Linux
  • setpci command – configure PCI device
  • db_load command – generate db database
  • bsdtar command – Read and write tape archive files

© 2022 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright