• Linux Netfilter tweaks for High traffic servers
    If you are serving a high traffic web/DNS server, and recently having PING loss to the server and not all HTTP request were successful to i...
  • TIME_WAIT in netstat
    So, ever wonder what all those TIME_WAITs are doing in your netstat listing? Okay, for those of you who don't spend all your waking hou...
  • PMTU (Path MTU) Discovery
    Summary Internet computers, mostly servers, sometimes send packets too large for part of a given path.  Not handling this correctly can m...

Disabling IPv6 support in Red Hat Enterprise Linux

source from: https://access.redhat.com/solutions/8709

Disabling IPv6 support in Red Hat Enterprise Linux 7

  • Disable ipv6 built-in kernel module.
  1. Edit /etc/default/grub and append ipv6.disable=1 to GRUB_CMDLINE_LINUX like the following sample:
    Raw
    GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root ipv6.disable=1"
  2. Run the grub2-mkconfig command to regenerate the grub.cfg file:
    Raw
    # grub2-mkconfig -o /boot/grub2/grub.cfg

Alternatively, on UEFI systems, run the following:        
# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
  3. Reboot the system to disable IPv6 support.
  • Alternatively, this can be done via sysctl settings. Please be aware that this breaks SSH Xforwarding unless sshd_config containsAddressFamily inet.
  1. Create a new file named /etc/sysctl.d/ipv6.conf and add the following options:
    Raw
    # To disable for all interfaces
net.ipv6.conf.all.disable_ipv6 = 1
# the protocol can be disabled for specific interfaces as well.
net.ipv6.conf..disable_ipv6 = 1
  2. The new settings would then need to be reloaded with:
    Raw
    # sysctl -p /etc/sysctl.d/ipv6.conf

Disabling IPv6 support in Red Hat Enterprise Linux 6

  1. Create a file /etc/modprobe.d/ipv6.conf with the following contents:
    Raw
    options ipv6 disable=1
  2. For completeness, it is a good idea to configure the ip6tables service not to start at boot by issuing the following command:
    Raw
    # chkconfig ip6tables off
  3. Alternatively, the IPv6 support can also be disabled in the kernel through /etc/sysctl.conf by setting following parameter:
    Raw
    # IPv6 support in the kernel, set to 0 by default
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
Please be aware that this breaks SSH Xforwarding unless AddressFamily inet is set in sshd_config.
  1. Comment out any IPv6 addresses found in /etc/hosts, including ::1 localhost address
    Raw
    # cp -p /etc/hosts /etc/hosts.disableipv6
# sed -i 's/^[[:space:]]*::/#::/' /etc/hosts
  2. Optionally to prevent rpc.nfsd setting up IPv6 sockets while NFS server is running, edit /etc/netconfig for the lines starting with udp6 and tcp6; change the "v" in the third column to "-"(hyphen/dash)
  3. Reboot the system to disable IPv6 support.
Note: The solution above only disables(unhooks all of the calls) the ipv6 module, but doesn't prevent it from loading. Unloading the module isn't recommended due to the dependency factors it has with other modules(for example: bonding) and services. To prevent the module from loading, modify/etc/modprobe.d/ipv6.conf with the following only:
Raw
install ipv6 /bin/true

Re-enabling IPv6 support in Red Hat Enterprise Linux 6

  1. Review the files under /etc/modprobe.d/ and remove (or comment out) any of the following lines:
    Raw
    options ipv6 disable=1
install ipv6 /bin/true
blacklist ipv6
alias ipv6 off
  2. Configure the ip6tables service to start at boot by issuing the following command:
    Raw
    # chkconfig ip6tables on
  3. Make sure the following options to your /etc/sysctl.conf are
    Raw
    # ipv6 support in the kernel, set to 0 by default
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
  4. Make sure the following line exists in /etc/hosts, and is not commented out.
    Raw
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  5. Edit /etc/netconfig for the lines starting with udp6 and tcp6; change the "-"(hyphen/dash) in the third column to "v"
  6. Reboot the system to activate IPv6 support.

Disabling IPv6 support in Red Hat Enterprise Linux 5

  1. Remove the following line (if present) from the /etc/modprobe.conf file:
    Raw
    alias net-pf-10 ipv6
  2. Add the following line to the /etc/modprobe.conf file:
    Raw
    alias net-pf-10 off
  3. In versions of Red Hat Enterprise Linux before 5.4, add the following line to the /etc/modprobe.conf file:
    Raw
    alias ipv6 off
  4. In Red Hat Enterprise Linux 5.4 and later, add the following line to the /etc/modprobe.conf file:
    Raw
    options ipv6 disable=1
  5. To prevent errors during the network initscript start routine, change the NETWORKING_IPV6 parameter in the /etc/sysconfig/network file to the following:
    Raw
    NETWORKING_IPV6=no
  6. Comment out any IPv6 addresses found in /etc/hosts, including ::1 localhost address
    Raw
    # cp -p /etc/hosts /etc/hosts.disableipv6
# sed -i 's/^[[:space:]]*::/#::/' /etc/hosts
  7. For completeness, it is a good idea to configure the ip6tables service not to start at boot by issuing the following command:
    Raw
    # chkconfig ip6tables off
  8. Reboot the system to disable IPv6 support.

Re-enabling IPv6 support in Red Hat Enterprise Linux 5

  1. Remove the following lines (if present) from the /etc/modprobe.conf file:
    Raw
    alias net-pf-10 off
alias ipv6 off
options ipv6 disable=1
  2. Add the following line to the /etc/modprobe.conf file (if not present already):
    Raw
    alias net-pf-10 ipv6
  3. Change the NETWORKING_IPV6 parameter in the /etc/sysconfig/network file to the following:
    Raw
    NETWORKING_IPV6=yes
  4. Make sure the following line exists in /etc/hosts, and is not commented out.
    Raw
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  5. For completeness, it is a good idea to configure the ip6tables service to start at boot by issuing the following command:
    Raw
    # chkconfig ip6tables on
  6. Reboot the system to re-enable IPv6 support.

Disabling IPv6 support in Red Hat Enterprise Linux 4

  1. Remove the following line (if present) from the /etc/modprobe.conf file:
    Raw
    alias net-pf-10 ipv6
  2. Add the following line to the /etc/modprobe.conf file:
    Raw
    alias net-pf-10 off
  3. Comment out any IPv6 addresses found in /etc/hosts, including ::1 localhost address
    Raw
    # cp -p /etc/hosts /etc/hosts.disableipv6
# sed -i 's/^[[:space:]]*::/#::/' /etc/hosts
  4. Reboot the system to disable IPv6 support.

Re-enabling IPv6 support in Red Hat Enterprise Linux 4

  1. Remove the following line from the /etc/modprobe.conf file:
    Raw
    alias net-pf-10 off
  2. Add the following line to the /etc/modprobe.conf file:
    Raw
    alias net-pf-10 ipv6
  3. Make sure the following line exists in /etc/hosts, and is not commented out.
    Raw
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  4. Reboot the system to re-enable IPv6 support.

Additional notes

Disabling IPv6 by blacklisting the module invalidates bonding in the system.

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)