Our policy and network configuration does not requires IPv6 support in RHEL / CentOS / Fedora Linux. How do I prevent the kernel module from loading at boot time and disable IPv6 networking?
You can easily prevent the kernel module from loading by updating the following two files:
- /etc/modprobe.conf – Kernel driver configuration file.
- /etc/sysconfig/network – RHEL / CentOS networking configuration file.
/etc/modprobe.conf
Edit /etc/modprobe.conf, enter:
# vi /etc/modprobe.conf
Append the following line:
install ipv6 /bin/true |
Save and close the file.
/etc/sysconfig/network
Edit /etc/sysconfig/network, enter:
# vi /etc/sysconfig/network
Update / add as follows:
NETWORKING_IPV6=no IPV6INIT=no |
Save and close the file. Restart networking service
# service network restart
# rmmod ipv6
Alternatively, simple reboot the box:
# reboot
Verify IPv6 is disabled, enter:
# lsmod | grep ipv6
# /sbin/ifconfig
21 comment
please let me know ,why should we do this ,more specifically just let me know the pros and cons of doing and not doing this.
One Pros that i can figure out is to prevent un-necessary services from staring off.Can u please list.
tu swarub:
speed up system and web browsing a lot.
I don’t have it ,shall i create a new one,is it safe,since it was not there by default.
Using Fedora 11
[[email protected] ~]# ll /etc/modprobe.conf
ls: cannot access /etc/modprobe.conf: No such file or directory
[[email protected] ~]#
You may have /etc/modprobe.d directory. add a file with the appropriate lines to that directory instead.
wat kind of installation do you have that does not contain /etc/modprobe.conf ?
to prevent unnecessary services from running, this is how you do it..
if you are running your linux as a web server, you wouldn’t want unnecessary ones such as isdn, bluetooth, avahi (network zeroconf) among others from running… correcto?
Anyway do a keyword search “linux hardening” which should get you going. Else fails.. google google google google
Fedora 11 does not have modprobe.conf anymore. Take a look here:
rpm -ql $(rpm -qf `type -p modprobe`)|grep etc
/etc/depmod.d
/etc/depmod.d/dist.conf
/etc/modprobe.d
/etc/modprobe.d/dist-oss.conf
/etc/modprobe.d/dist.conf
/etc/modprobe.d/local.conf
You would have to modify the files in /etc/modprobe.d/
George
Warning about this way of doing because it conflicts with network interface bonding :
http://osdir.com/ml/rhelv5-list/2009-09/msg00031.html
It should be noted here that while Fedora Core the Red Hat development OS, does not have /etc/modprobe.conf anymore. This article is really written for the RHEL/CentOS crowd. Now they do have an /etc/modprobe.conf file, and it’s required.
Thanks for the article. As described you can remove IPv6 protocol from the network on CentOS 5.5
after we remove IPv6, then what we should do to reverse it again?, jus in case if we need it on later…
Apache was heading in the right direction.
If you do not want IPv6 at this time,for RedHat/Centos,simply add this to
/etc/sysconfig/network.
NOZEROCONF=yes
This diables link-local on all interfaces.
If you decide to transition to IPv6,remove directive.
Easy.
# rmmod ipv6
ERROR: Module ipv6 is in use by cnic
how to get rid of this error??
thankx in advance
cnic is a Broadcomm NIC driver used by the bnx2i driver (Broadcomm iSCSI offload NIC driver). If you’re not using iSCSI, or if you’re not running iSCSI offloaded, you can choose not to insert this bnx2i kernel module. (which means in turn that the cnic kernel module will not be loaded).
In /etc/init.d/iscsid, comment out this line:
modprobe -q bnx2i
and reboot.
This is not reliable method. It would be better to do so:
sysctl net.ipv6.conf.default.disable_ipv6=1
Just make the changes and then reboot the server.
After that you can do the rmmod command and the error will not appear anymore.
the simplest way is.. adding “net.ipv6.conf.all.disable_ipv6 = 1” to your /etc/sysctl.conf (for the applications and services IPv6 is there but does nothing)
[[email protected] ~]$ sudo tail /etc/sysctl.conf -n2
# IPv6 disable
net.ipv6.conf.all.disable_ipv6 = 1
echo -ne ‘\n# IPv6 disable\nnet.ipv6.conf.all.disable_ipv6 = 1\n’ >> /etc/sysctl.conf && sysctl -p /etc/sysctl.conf
Mind you, that dracut on EL6 builds a generic initrd by default. Module ipv6 can easily end up there, depending on the packages you have installed. Therefore make also sure that you have
# build initrd only to boot current hardware
hostonly=”yes”
in /etc/dracut.conf.
How to disable IPv6 in centos ????
1. I had already made following entries in ifcfg-eth0 :
IPv6INIT=NO
IPV6AUTOCONF=NO
2. Following entries were made in /etc/modprob.conf” :
alias net-pf-10 off
alias ipv6 off
3. These entries in /etc/sysconfig/network :
IPV6INIT=NO
NETWORKING_IPV6=NO
4. This line is added to /etc/modprobe.d/blaclist :
blacklist ipv6
5. Also I did one more in /etc/sysctl.conf :
6. `net.ipv6.conf.all.autoconf = 0`
7. `net.ipv6.conf.accept_ra = 0`
Still I am unable to disable IPV6 on linux, any thought please
Just try to add in /etc/sysctl.conf this string:
net.ipv6.conf.all.disable_ipv6 = 1
And restart the network daemon.
That’s all.
Note that the kernel still loads the module but unhooks almost all of the calls into the module. (apparently the IPv6 module has become so ingrained in the kernel that a number of other things, like certain firewall modules, require it.)
See: https://www.centos.org/modules/newbb/viewtopic.php?topic_id=32577