How to disable IPv6 in Linux?

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4. IPv6 is relatively new and sometimes depending on how it’s configured, it can behave badly. This post will show how to disable IPv6 in Linux distro such as Ubuntu, Debian, Kali, Linux Mint etc. How to disable IPv6 in Linux - blackMORE Ops - 1 300px

Every device on the Internet is assigned an IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses than the IPv4 address space has available were necessary to connect new devices in the future. By 1998, the Internet Engineering Task Force (IETF) had formalized the successor protocol. IPv6 uses a 128-bit address, allowing 2128, or approximately 3.4×1038 addresses, or more than 7.9×1028 times as many as IPv4, which uses 32-bit addresses and provides approximately 4.3 billion addresses. The two protocols are not designed to be interoperable, complicating the transition to IPv6. However, several IPv6 transition mechanisms have been devised to permit communication between IPv4 and IPv6 hosts.

IPv6 provides other technical benefits in addition to a larger addressing space. In particular, it permits hierarchical address allocation methods that facilitate route aggregation across the Internet, and thus limit the expansion of routing tables. The use of multicast addressing is expanded and simplified, and provides additional optimization for the delivery of services. Device mobility, security, and configuration aspects have been considered in the design of the protocol.

IPv6 addresses are represented as eight groups of four hexadecimal digits with the groups being separated by colons, for example 2001:0db8:85a3:0042:1000:8a2e:0370:7334, but methods to abbreviate this full notation exist. However it is not yet widely supported and its adoption is still in progress.

Does your system support IPv6 ?

To make IPv6 work, you need an Operating System that supports IPv6. Ubuntu, Debian, Linux Mint and most modern distros does that. You can check output of ifconfig to see if IPv6 is working and whether it’s assigned to the network interfaces:

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1c:c0:f8:79:ee  
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::21c:c0ff:fef8:79ee/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:110880 errors:0 dropped:0 overruns:0 frame:0
          TX packets:111960 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:62289395 (62.2 MB)  TX bytes:25169458 (25.1 MB)
          Interrupt:20 Memory:e3200000-e3220000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:45258 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45258 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:4900560 (4.9 MB)  TX bytes:4900560 (4.9 MB)

Check the line inet6 addr

Next you need a router/modem that also supports IPv6. And beyond that, your ISP must also support IPv6.

Instead of checking every part of the network infrastructure, its better to just find out if you can connect to websites over IPv6. There are lots of websites that test IPv6 support on your connection. Check out http://testmyipv6.com/ for example.

The kernel parameters that enable IPv6 are as follows

$ sysctl net.ipv6.conf.all.disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 0

$ sysctl net.ipv6.conf.default.disable_ipv6
net.ipv6.conf.default.disable_ipv6 = 0

$ sysctl net.ipv6.conf.lo.disable_ipv6
net.ipv6.conf.lo.disable_ipv6 = 0

The same can be also be checked from the proc files

$ cat /proc/sys/net/ipv6/conf/all/disable_ipv6
0

Note that the variables control disabling of IPv6. So setting them to 1 would disable IPv6

Disable IPv6 if its not supported

So if IPv6 is not supported on your network infrastructure, it might be useful to disable it all together. Why ? It can cause issues like delayed domain lookups, un-necessary attempts to connect to IPv6 addresses causing delay in network connection etc.

I did come across some problems like that. The apt-get command occasionally tries to connect to IPv6 addresses and fails and then retries an ipv4 address. Take a look at this output

$ sudo apt-get update
Ign http://archive.canonical.com trusty InRelease
Ign http://archive.canonical.com raring InRelease                                                                                                    
Err http://archive.canonical.com trusty Release.gpg                                                                                                  
  Cannot initiate the connection to archive.canonical.com:80 (2001:67c:1360:8c01::1b). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::1b 80]
Err http://archive.canonical.com raring Release.gpg                                                                                                  
  Cannot initiate the connection to archive.canonical.com:80 (2001:67c:1360:8c01::1b). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8c01::1b 80]

.....

Errors like those have been more frequent in the recent Ubuntu versions, probably because they try to use IPv6 more than before.

I noticed similar issues happen in other applications like Hexchat and also Google Chrome which would sometimes take longer than usual to lookup a domain name.

So the best solution is to disable IPv6 entirely to get rid of those things. It takes only a small configuration and can help you solve many network issues on your system. Users have even reported an increase in internet speed.

Method 1 – Disable IPv6

Edit the file – /etc/sysctl.conf

$ sudo gedit /etc/sysctl.conf

And fill in the following lines at the end of that file

# IPv6 disabled
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Save the file and close it

Restart sysctl with

$ sudo sysctl -p

Check the output of ifconfig again and there should be no ipv6 address

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:5f:28:8b  
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1346 errors:0 dropped:0 overruns:0 frame:0
          TX packets:965 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1501691 (1.5 MB)  TX bytes:104883 (104.8 KB)

If it does not work, then try rebooting the system and check ifconfig again.

Method 2 – Disable IPv6 – GRUB method

IPv6 can also be disabled by editing the grub configuration file

$ sudo gedit /etc/default/grub

Look for the line containing GRUB_CMDLINE_LINUX and edit it as follows

GRUB_CMDLINE_LINUX="ipv6.disable=1"

The same can also be added to the value of the variable named GRUB_CMDLINE_LINUX_DEFAULT and either would work. Save the file, close it and regenerate the grub configuration

$ sudo update-grub2

Reboot. Now IPv6 should be disabled.

Method 3 – Without disabling IPv6 – setting IPv4 as preferred over IPv6

Find at getaddrinfo(3)s configuration file; i.e. /etc/gai.conf and uncomment the line to prefer IPv4 over IPv6.

$ sudo gedit /etc/gai.conf

Locate this line and un-comment it:

#precedence ::ffff:0:0/96  100

So that it looks like this:

precedence ::ffff:0:0/96  100

Save and exit the file. Reboot and you’re all set as IPv4 is preferred now. This is the best way when you want to keep IPv6 enabled but prefer IPv4 for DNS lookup or such.

Conclusion

Disabling IPv6 can cause problems. If your Internet connection and router have already migrated to IPv6, you’ll lose the ability to use it properly. IPv6 may also be required for some home networking functions — for example, the easy-to-use Homegroup home networking feature introduced in Windows 7, Linux etc. requires IPv6 enabled on the computers on your home network to use it.

The entire world is moving towards IPv6, although it’s happening too slowly. IPv6 is necessary to replace IPv4 — we’re running out of IPv4 addresses and IPv6 is the solution. In that context, the last method of setting preferences (Without disabling IPv6 – setting IPv4 as preferred over IPv6) is better. There’s a good chance you don’t actually need IPv6 on your network — unless you rely on Windows Homegroup or similar features — so it may not be particularly harmful to remove if if you know what you’re doing. However, you won’t see a speed improvement from clinging to IPv4 unless there are serious problems with your Internet service provider’s network or your home network.

The moral is, if you notice that IPv6 needs fixing, fix it today rather than postponing until tomorrow. We live in the early days of mass deployment of IPv6, and we need to work together to untangle the implementation quirks that arise. The list of fixes above represents only a small sampling of potential issues. You can always seek help Online at any number of reputable IPv6 discussion forums. Use network misbehavior as an opportunity to learn about and improve the state of IPv6 internetworking and resist any temptations to disable the protocol.

Check Also

Identifying harmful activity on your captured traffic

This Python script utilises Wireshark or TCPdump to analyse network traffic stored in a specified …

HELK - An Open Source Threat Hunting Platform

HELK – An Open Source Threat Hunting Platform

The Hunting ELK or simply the HELK is an Open Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.

6 comments

  1. IPv6 may also be required for some home networking functions — for example, the easy-to-use Homegroup home networking feature introduced in Windows 7

    That seems like a good enough reason to turn IPV6 off right there.

  2. What does “precedence ::ffff:0:0/96 100” do in particular?

  3. You don’t need to reboot after editing /etc/gai.conf. Changes will be applied immediately.

  4. Ok, I am seriously missing the point here. If your own network equipment does not support ipv6, your equipment is garbage and should be replaced. If your isp’s equipment doesn’t support ipv6 it is garbage and they should replace it. If their equipment doesn’t supports it but they don’t give out ipv6 addresses your isp is garbage and you should continue calling customer support and asking them to fix your broken connection or just switch isps.

    Turning off ipv6 is like applying a tourniquet to a leg with a severed artery. Sure, it’ll stop the bleeding, but the permanent solution is repairing the artery not cutting of the leg.

    • Hello m,
      You can legit questions.
      You can create teredo tunnel over tunnel and there’s nothing a firewall/IPS can do about it (think of it as a built in VPN capability). Hence the post to disable in case someone wants it.
      There’s a simple method we use in corporate environment, if not used, disable/block it. I am not worried about ISP’s; I am more worried about my IPS’s not being able to decrypt such traffic. Hope that explains. Cheers,
      -BMO

Leave your solution or comment to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from blackMORE Ops

Subscribe now to keep reading and get access to the full archive.

Continue reading

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.