Since it may be a while before I'm ready to use the IPv6 on my systems, I've been disabling IPv6 on most servers so far. And since there's a particularly elegant way of doing this in Red Hat Linux, I think it's worth sharing.
How to confirm if IPv6 is running on your system
IPv6 is implemented as a kernel module, so you can use the lsmod command to confirm if it's currently running on your Red Hat system:
$ lsmod | grep ip ipv6 410913 36
If lsmod doesn't return anything, it confirms that your system isn't running IPv6.
Prevent IPv6 from getting started by modprobe
As you probably know, modprobe command is used for probing modules upon system boot. Probing simply means a module is loaded and an attempt is made to start it up. With any luck, the module starts successfully and its functionality becomes available to the Linux kernel.
For the boot stage, modprobe uses a special config file which helps you control its behavior: /etc/modprobe.conf. For now, let's just concentrate on the IPv6 task at hand. To make sure modprobe doesn't load the actual module next time your OS reboots, add the following line to the top of the /etc/modprobe.conf file (yes, you're going to need root privileges for this):
install ipv6 /bin/true
WHY THIS WORKS: just to quickly explain the line above, here's why we're using the /bin/true command. install is rule of the modprobe config file which overrides the standard way of probing a module. Effectively, it tells modprobe to just run the specified command for starting a module. In the line above, we're telling modprobe to use the /bin/true command for probing the ipv6 module. And as you remember, /bin/true is a command which doesn't do anything but still returns a successful completion code – so in effect we're doing nothing instead of loading the ipv6 module, and we're looking good while doing this too.
Next, add the the following two lines to the same /etc/modprobe.conf file, and they will ensure that common aliases used for starting the IPv6 module are ignored by modprobe:
alias net-pf-10 off alias ipv6 off
IMPORTANT: These change doesn't immediately disable IPv6 on your system. Being a pretty important module, IPv6 isn't easy to disable on a live system, and so the easiest is to always follow the changes above with a reboot.
Make sure your IPv6 firewall is disabled
The ip6tables service (/etc/init.d/ip6tables sciprt) is responsible for starting IPv6 firewall, and so you probably want to disable it:
# chkconfig ip6tables off
and then confirm that it won't be started next time you reboot or switch to any runlevel:
# chkconfig --list ip6tables ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
That's it, there really is nothing else to disabling IPv6. Let me know if you have any questions, otherwise I'll talk to you soon!
Nice write-up. I still prefer to achieve the effect by configuring ip6tables to filter out unwanted ip6 traffic, as it works fine across different OSes and any side-effects are warranted to be avoided.
I'm adding option ipv6.disable=1 to kernel line and this do the job.
How can you tell if the IP is being used by something before removing it?
Zach Eadie says
Nice guide, good use of /bin/true as well, props!
Why not disable during boot time?
Martin Lawrence says
Thanks for sharing..
It was a nice post.
Keep it up.
Just a quick note to say thanks for this. Saved me getting out my cheat-sheet! 🙂
When I did:
install ipv6 /bin/true
install: cannot stat `ipv6': No such file or directory
I was assuming that you just set "NETWORKING_IPV6=no" in /etc/sysconfig/network. Haven't actually done it yet though. I came here looking for info on whether it was possible to do it live.
Edinburgh IT Support says
I know this is Unix, but just FYI, if you're ever setting up an SBS 2008 server, DO NOT disable IPv6 or all it'll get nasty!
Windows will fail to start up when rebooting (an hour or two delay on the "loading profile" screen). Stupid? You bet! Thanks Microsoft.
Paul Preston says
for Red Hat 6 (and CentOS 6) users:
According to following article it’s better to disable kernel ipv6 functionality as opose to removing the module:
Cheap SSL Certificates says
There is already of IP V6 for red hat linux,