How To Disable IPv6 in Red Hat Linux

Since it may be a while before I’m ready to use the IPv6 on my systems, I’ve been disabling IPv6 on most servers so far. And since there’s a particularly elegant way of doing this in Red Hat Linux, I think it’s worth sharing.

How to confirm if IPv6 is running on your system

IPv6 is implemented as a kernel module, so you can use the lsmod command to confirm if it’s currently running on your Red Hat system:

$ lsmod | grep ip
ipv6                  410913  36

If lsmod doesn’t return anything, it confirms that your system isn’t running IPv6.

Prevent IPv6 from getting started by modprobe

As you probably know, modprobe command is used for probing modules upon system boot. Probing simply means a module is loaded and an attempt is made to start it up. With any luck, the module starts successfully and its functionality becomes available to the Linux kernel.

For the boot stage, modprobe uses a special config file which helps you control its behavior: /etc/modprobe.conf. For now, let’s just concentrate on the IPv6 task at hand. To make sure modprobe doesn’t load the actual module next time your OS reboots, add the following line to the top of the /etc/modprobe.conf file (yes, you’re going to need root privileges for this):

install ipv6 /bin/true

WHY THIS WORKS: just to quickly explain the line above, here’s why we’re using the /bin/true command. install is rule of the modprobe config file which overrides the standard way of probing a module. Effectively, it tells modprobe to just run the specified command for starting a module. In the line above, we’re telling modprobe to use the /bin/true command for probing the ipv6 module. And as you remember, /bin/true is a command which doesn’t do anything but still returns a successful completion code – so in effect we’re doing nothing instead of loading the ipv6 module, and we’re looking good while doing this too.

Next, add the the following two lines to the same /etc/modprobe.conf file, and they will ensure that common aliases used for starting the IPv6 module are ignored by modprobe:

alias net-pf-10 off
alias ipv6 off

IMPORTANT: These change doesn’t immediately disable IPv6 on your system. Being a pretty important module, IPv6 isn’t easy to disable on a live system, and so the easiest is to always follow the changes above with a reboot.

Make sure your IPv6 firewall is disabled

The ip6tables service (/etc/init.d/ip6tables sciprt) is responsible for starting IPv6 firewall, and so you probably want to disable it:

# chkconfig ip6tables off

and then confirm that it won’t be started next time you reboot or switch to any runlevel:

# chkconfig --list ip6tables
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off

That’s it, there really is nothing else to disabling IPv6. Let me know if you have any questions, otherwise I’ll talk to you soon!