RedHat / Centos Disable IPv6 Networking

by on August 29, 2009 · 20 comments· LAST UPDATED August 29, 2009

in , ,

Our policy and network configuration does not requires IPv6 support in RHEL / CentOS / Fedora Linux. How do I prevent the kernel module from loading at boot time and disable IPv6 networking?

You can easily prevent the kernel module from loading by updating the following two files:

  1. /etc/modprobe.conf - Kernel driver configuration file.
  2. /etc/sysconfig/network - RHEL / CentOS networking configuration file.

/etc/modprobe.conf

Edit /etc/modprobe.conf, enter:
# vi /etc/modprobe.conf
Append the following line:

install ipv6 /bin/true

Save and close the file.

/etc/sysconfig/network

Edit /etc/sysconfig/network, enter:
# vi /etc/sysconfig/network
Update / add as follows:

 
NETWORKING_IPV6=no
IPV6INIT=no
 

Save and close the file. Restart networking service
# service network restart
# rmmod ipv6

Alternatively, simple reboot the box:
# reboot
Verify IPv6 is disabled, enter:
# lsmod | grep ipv6
# /sbin/ifconfig

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 20 comments… read them below or add one }

1 sawrub September 13, 2009 at 12:38 pm

please let me know ,why should we do this ,more specifically just let me know the pros and cons of doing and not doing this.
One Pros that i can figure out is to prevent un-necessary services from staring off.Can u please list.

Reply

2 kesew September 22, 2009 at 12:01 pm

tu swarub:

speed up system and web browsing a lot.

Reply

3 sawrub September 26, 2009 at 10:27 am

I don’t have it ,shall i create a new one,is it safe,since it was not there by default.
Using Fedora 11

[root@xbox ~]# ll /etc/modprobe.conf
ls: cannot access /etc/modprobe.conf: No such file or directory
[root@xbox ~]#

Reply

4 makalele October 20, 2009 at 7:51 am

wat kind of installation do you have that does not contain /etc/modprobe.conf ?
to prevent unnecessary services from running, this is how you do it..
if you are running your linux as a web server, you wouldn’t want unnecessary ones such as isdn, bluetooth, avahi (network zeroconf) among others from running… correcto?

Anyway do a keyword search “linux hardening” which should get you going. Else fails.. google google google google

Reply

5 George Vasiliu October 26, 2009 at 3:06 am

Fedora 11 does not have modprobe.conf anymore. Take a look here:

rpm -ql $(rpm -qf `type -p modprobe`)|grep etc
/etc/depmod.d
/etc/depmod.d/dist.conf
/etc/modprobe.d
/etc/modprobe.d/dist-oss.conf
/etc/modprobe.d/dist.conf
/etc/modprobe.d/local.conf

You would have to modify the files in /etc/modprobe.d/

George

Reply

6 Raphael April 2, 2010 at 1:34 pm

Warning about this way of doing because it conflicts with network interface bonding :
http://osdir.com/ml/rhelv5-list/2009-09/msg00031.html

Reply

7 Kristen July 25, 2010 at 7:25 am

It should be noted here that while Fedora Core the Red Hat development OS, does not have /etc/modprobe.conf anymore. This article is really written for the RHEL/CentOS crowd. Now they do have an /etc/modprobe.conf file, and it’s required.

Thanks for the article. As described you can remove IPv6 protocol from the network on CentOS 5.5

Reply

8 apache September 28, 2010 at 3:41 pm

after we remove IPv6, then what we should do to reverse it again?, jus in case if we need it on later…

Reply

9 Lars Bailey December 31, 2010 at 1:04 am

Apache was heading in the right direction.

If you do not want IPv6 at this time,for RedHat/Centos,simply add this to
/etc/sysconfig/network.

NOZEROCONF=yes

This diables link-local on all interfaces.
If you decide to transition to IPv6,remove directive.
Easy.

Reply

10 Tahir July 1, 2011 at 10:05 am

# rmmod ipv6
ERROR: Module ipv6 is in use by cnic

how to get rid of this error??
thankx in advance

Reply

11 Spike November 18, 2011 at 10:43 pm

cnic is a Broadcomm NIC driver used by the bnx2i driver (Broadcomm iSCSI offload NIC driver). If you’re not using iSCSI, or if you’re not running iSCSI offloaded, you can choose not to insert this bnx2i kernel module. (which means in turn that the cnic kernel module will not be loaded).

In /etc/init.d/iscsid, comment out this line:
modprobe -q bnx2i

and reboot.

Reply

12 Artur August 3, 2011 at 8:54 am

This is not reliable method. It would be better to do so:

sysctl net.ipv6.conf.default.disable_ipv6=1

Reply

13 Blacky November 4, 2011 at 3:41 pm

Just make the changes and then reboot the server.
After that you can do the rmmod command and the error will not appear anymore.

Reply

14 anon January 27, 2012 at 2:13 pm

the simplest way is.. adding “net.ipv6.conf.all.disable_ipv6 = 1″ to your /etc/sysctl.conf (for the applications and services IPv6 is there but does nothing)

[xxxxxxx@xxxxxxx ~]$ sudo tail /etc/sysctl.conf -n2
# IPv6 disable
net.ipv6.conf.all.disable_ipv6 = 1

Reply

15 anon January 27, 2012 at 2:17 pm

echo -ne ‘\n# IPv6 disable\nnet.ipv6.conf.all.disable_ipv6 = 1\n’ >> /etc/sysctl.conf && sysctl -p /etc/sysctl.conf

Reply

16 rgo January 30, 2012 at 11:08 pm

Mind you, that dracut on EL6 builds a generic initrd by default. Module ipv6 can easily end up there, depending on the packages you have installed. Therefore make also sure that you have

# build initrd only to boot current hardware
hostonly=”yes”

in /etc/dracut.conf.

Reply

17 chinthaka June 12, 2012 at 7:44 am

How to disable IPv6 in centos ????

Reply

18 IgnitedMind April 5, 2013 at 10:02 am

1. I had already made following entries in ifcfg-eth0 :
IPv6INIT=NO
IPV6AUTOCONF=NO
2. Following entries were made in /etc/modprob.conf” :
alias net-pf-10 off
alias ipv6 off
3. These entries in /etc/sysconfig/network :
IPV6INIT=NO
NETWORKING_IPV6=NO
4. This line is added to /etc/modprobe.d/blaclist :
blacklist ipv6
5. Also I did one more in /etc/sysctl.conf :
6. `net.ipv6.conf.all.autoconf = 0`
7. `net.ipv6.conf.accept_ra = 0`

Still I am unable to disable IPV6 on linux, any thought please

Reply

19 Artur April 7, 2013 at 12:39 pm

Just try to add in /etc/sysctl.conf this string:

net.ipv6.conf.all.disable_ipv6 = 1

And restart the network daemon.
That’s all.

Reply

20 Gabriel April 16, 2013 at 4:33 pm

Note that the kernel still loads the module but unhooks almost all of the calls into the module. (apparently the IPv6 module has become so ingrained in the kernel that a number of other things, like certain firewall modules, require it.)

See: https://www.centos.org/modules/newbb/viewtopic.php?topic_id=32577

Reply

Leave a Comment

Tagged as: , , , , , , , , ,

Previous Faq:

Next Faq: