Monday, February 06, 2006

Disabling IPv6 under Linux

I set up a sguil sensor at home this weekend, and decided to have it monitor outside my firewall, just because I wanted to know what things looked like out there. This was a version of Linux, and I followed the standard host hardening prescription of turning off unecessary services and interfaces. Since I'm not using IPv6, I wanted to turn support for it off entirely.

Being too lazy to compile my own kernel (good bye, easy updates) I wanted to find a good way to disable IPv6 globally. It turns out that the easiest thing to do is to add the following to your /etc/modules.conf file, then reboot.


alias net-pf-10 off

This prevents the kernel from loading the module that supports IPv6 (called, "ipv6"). This is a CentOS 4.2 box, and I could find no easier way of accomplishing the same thing.

2 comments:

DavidJBianco said...

I'm not an Ubuntu user, so I can't be entirely sure, but I think the answer is "almost". The basic idea is the same (disabling the kernel module by aliasing it to something that doesn't exist. However, I did a quick search and found the following page which describes an alternate (better supported?) method of accomplishing the same thing on an Ubuntu system:

https://launchpad.net/distros/ubuntu/+ticket/192

I can't tell if that's really your problem or not, but it's best to disable IPv6 if you're not using it anyway. Good luck!

The Mr. Robert said...

you edit /etc/modprobe.d/aliases
and make the same changes,
alias ipv6 off
alias net-bf-10 off (? or whatever the alias is)