Our policy and network configuration does not requires IPv6 support in RHEL / CentOS / Fedora Linux. How do I prevent the kernel module from loading at boot time and disable IPv6 networking?
You can easily prevent the kernel module from loading by updating the following two files:
- /etc/modprobe.conf - Kernel driver configuration file.
- /etc/sysconfig/network - RHEL / CentOS networking configuration file.
/etc/modprobe.conf
Edit /etc/modprobe.conf, enter:
# vi /etc/modprobe.conf
Append the following line:
install ipv6 /bin/true
Save and close the file.
/etc/sysconfig/network
Edit /etc/sysconfig/network, enter:
# vi /etc/sysconfig/network
Update / add as follows:
NETWORKING_IPV6=no IPV6INIT=no
Save and close the file. Restart networking service
# service network restart
# rmmod ipv6
Alternatively, simple reboot the box:
# reboot
Verify IPv6 is disabled, enter:
# lsmod | grep ipv6
# /sbin/ifconfig
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
{ 14 comments… read them below or add one }
please let me know ,why should we do this ,more specifically just let me know the pros and cons of doing and not doing this.
One Pros that i can figure out is to prevent un-necessary services from staring off.Can u please list.
tu swarub:
speed up system and web browsing a lot.
I don’t have it ,shall i create a new one,is it safe,since it was not there by default.
Using Fedora 11
[root@xbox ~]# ll /etc/modprobe.conf
ls: cannot access /etc/modprobe.conf: No such file or directory
[root@xbox ~]#
wat kind of installation do you have that does not contain /etc/modprobe.conf ?
to prevent unnecessary services from running, this is how you do it..
if you are running your linux as a web server, you wouldn’t want unnecessary ones such as isdn, bluetooth, avahi (network zeroconf) among others from running… correcto?
Anyway do a keyword search “linux hardening” which should get you going. Else fails.. google google google google
Fedora 11 does not have modprobe.conf anymore. Take a look here:
rpm -ql $(rpm -qf `type -p modprobe`)|grep etc
/etc/depmod.d
/etc/depmod.d/dist.conf
/etc/modprobe.d
/etc/modprobe.d/dist-oss.conf
/etc/modprobe.d/dist.conf
/etc/modprobe.d/local.conf
You would have to modify the files in /etc/modprobe.d/
George
Warning about this way of doing because it conflicts with network interface bonding :
http://osdir.com/ml/rhelv5-list/2009-09/msg00031.html
It should be noted here that while Fedora Core the Red Hat development OS, does not have /etc/modprobe.conf anymore. This article is really written for the RHEL/CentOS crowd. Now they do have an /etc/modprobe.conf file, and it’s required.
Thanks for the article. As described you can remove IPv6 protocol from the network on CentOS 5.5
after we remove IPv6, then what we should do to reverse it again?, jus in case if we need it on later…
Apache was heading in the right direction.
If you do not want IPv6 at this time,for RedHat/Centos,simply add this to
/etc/sysconfig/network.
NOZEROCONF=yes
This diables link-local on all interfaces.
If you decide to transition to IPv6,remove directive.
Easy.
# rmmod ipv6
ERROR: Module ipv6 is in use by cnic
how to get rid of this error??
thankx in advance
cnic is a Broadcomm NIC driver used by the bnx2i driver (Broadcomm iSCSI offload NIC driver). If you’re not using iSCSI, or if you’re not running iSCSI offloaded, you can choose not to insert this bnx2i kernel module. (which means in turn that the cnic kernel module will not be loaded).
In /etc/init.d/iscsid, comment out this line:
modprobe -q bnx2i
and reboot.
Just make the changes and then reboot the server.
After that you can do the rmmod command and the error will not appear anymore.
the simplest way is.. adding “net.ipv6.conf.all.disable_ipv6 = 1″ to your /etc/sysctl.conf (for the applications and services IPv6 is there but does nothing)
[xxxxxxx@xxxxxxx ~]$ sudo tail /etc/sysctl.conf -n2
# IPv6 disable
net.ipv6.conf.all.disable_ipv6 = 1
echo -ne ‘\n# IPv6 disable\nnet.ipv6.conf.all.disable_ipv6 = 1\n’ >> /etc/sysctl.conf && sysctl -p /etc/sysctl.conf