RedHat / Centos Disable IPv6 Networking

last updated in Categories , , , , , ,

Our policy and network configuration does not requires IPv6 support in RHEL / CentOS / Fedora Linux. How do I prevent the kernel module from loading at boot time and disable IPv6 networking?

Advertisements

You can easily prevent the kernel module from loading by updating the following two files:

  1. /etc/modprobe.conf – Kernel driver configuration file.
  2. /etc/sysconfig/network – RHEL / CentOS networking configuration file.

/etc/modprobe.conf

Edit /etc/modprobe.conf, enter:
# vi /etc/modprobe.conf
Append the following line:

install ipv6 /bin/true

Save and close the file.

/etc/sysconfig/network

Edit /etc/sysconfig/network, enter:
# vi /etc/sysconfig/network
Update / add as follows:

NETWORKING_IPV6=no
IPV6INIT=no

Save and close the file. Restart networking service
# service network restart
# rmmod ipv6
Alternatively, simple reboot the box:
# reboot
Verify IPv6 is disabled, enter:
# lsmod | grep ipv6
# /sbin/ifconfig

ADVERTISEMENTS

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

21 comment

  1. please let me know ,why should we do this ,more specifically just let me know the pros and cons of doing and not doing this.
    One Pros that i can figure out is to prevent un-necessary services from staring off.Can u please list.

  3. I don’t have it ,shall i create a new one,is it safe,since it was not there by default.
    Using Fedora 11

    [root@xbox ~]# ll /etc/modprobe.conf
    ls: cannot access /etc/modprobe.conf: No such file or directory
    [root@xbox ~]#

    1. You may have /etc/modprobe.d directory. add a file with the appropriate lines to that directory instead.

  4. wat kind of installation do you have that does not contain /etc/modprobe.conf ?
    to prevent unnecessary services from running, this is how you do it..
    if you are running your linux as a web server, you wouldn’t want unnecessary ones such as isdn, bluetooth, avahi (network zeroconf) among others from running… correcto?

    Anyway do a keyword search “linux hardening” which should get you going. Else fails.. google google google google

  5. Fedora 11 does not have modprobe.conf anymore. Take a look here:

    rpm -ql $(rpm -qf `type -p modprobe`)|grep etc
    /etc/depmod.d
    /etc/depmod.d/dist.conf
    /etc/modprobe.d
    /etc/modprobe.d/dist-oss.conf
    /etc/modprobe.d/dist.conf
    /etc/modprobe.d/local.conf

    You would have to modify the files in /etc/modprobe.d/

    George

  7. It should be noted here that while Fedora Core the Red Hat development OS, does not have /etc/modprobe.conf anymore. This article is really written for the RHEL/CentOS crowd. Now they do have an /etc/modprobe.conf file, and it’s required.

    Thanks for the article. As described you can remove IPv6 protocol from the network on CentOS 5.5

  9. Apache was heading in the right direction.

    If you do not want IPv6 at this time,for RedHat/Centos,simply add this to
    /etc/sysconfig/network.

    NOZEROCONF=yes

    This diables link-local on all interfaces.
    If you decide to transition to IPv6,remove directive.
    Easy.

  10. # rmmod ipv6
    ERROR: Module ipv6 is in use by cnic

    how to get rid of this error??
    thankx in advance

    1. cnic is a Broadcomm NIC driver used by the bnx2i driver (Broadcomm iSCSI offload NIC driver). If you’re not using iSCSI, or if you’re not running iSCSI offloaded, you can choose not to insert this bnx2i kernel module. (which means in turn that the cnic kernel module will not be loaded).

      In /etc/init.d/iscsid, comment out this line:
      modprobe -q bnx2i

      and reboot.

  11. This is not reliable method. It would be better to do so:

    sysctl net.ipv6.conf.default.disable_ipv6=1

  12. Just make the changes and then reboot the server.
    After that you can do the rmmod command and the error will not appear anymore.

  13. the simplest way is.. adding “net.ipv6.conf.all.disable_ipv6 = 1” to your /etc/sysctl.conf (for the applications and services IPv6 is there but does nothing)

    [xxxxxxx@xxxxxxx ~]$ sudo tail /etc/sysctl.conf -n2
    # IPv6 disable
    net.ipv6.conf.all.disable_ipv6 = 1

  14. echo -ne ‘\n# IPv6 disable\nnet.ipv6.conf.all.disable_ipv6 = 1\n’ >> /etc/sysctl.conf && sysctl -p /etc/sysctl.conf

  15. Mind you, that dracut on EL6 builds a generic initrd by default. Module ipv6 can easily end up there, depending on the packages you have installed. Therefore make also sure that you have

    # build initrd only to boot current hardware
    hostonly=”yes”

    in /etc/dracut.conf.

  17. 1. I had already made following entries in ifcfg-eth0 :
    IPv6INIT=NO
    IPV6AUTOCONF=NO
    2. Following entries were made in /etc/modprob.conf” :
    alias net-pf-10 off
    alias ipv6 off
    3. These entries in /etc/sysconfig/network :
    IPV6INIT=NO
    NETWORKING_IPV6=NO
    4. This line is added to /etc/modprobe.d/blaclist :
    blacklist ipv6
    5. Also I did one more in /etc/sysctl.conf :
    6. `net.ipv6.conf.all.autoconf = 0`
    7. `net.ipv6.conf.accept_ra = 0`

    Still I am unable to disable IPV6 on linux, any thought please

  18. Just try to add in /etc/sysctl.conf this string:

    net.ipv6.conf.all.disable_ipv6 = 1

    And restart the network daemon.
    That’s all.

    Still, have a question? Get help on our forum!

Tagged as: Tags , , ,