Monday, February 06, 2006

Disabling IPv6 under Linux

I set up a sguil sensor at home this weekend, and decided to have it monitor outside my firewall, just because I wanted to know what things looked like out there. This was a version of Linux, and I followed the standard host hardening prescription of turning off unecessary services and interfaces. Since I'm not using IPv6, I wanted to turn support for it off entirely.

Being too lazy to compile my own kernel (good bye, easy updates) I wanted to find a good way to disable IPv6 globally. It turns out that the easiest thing to do is to add the following to your /etc/modules.conf file, then reboot.


alias net-pf-10 off

This prevents the kernel from loading the module that supports IPv6 (called, "ipv6"). This is a CentOS 4.2 box, and I could find no easier way of accomplishing the same thing.

3 comments:

Anonymous said...

Hey,

I'm running Ubuntu on a toshiba laptop and I was told that disabeling ipv6 would help with my internet problem (can't connect even though I can ping out to www's and so on) would you happen to know if that command you posted would work for me too? Thanks!

DavidJBianco said...

I'm not an Ubuntu user, so I can't be entirely sure, but I think the answer is "almost". The basic idea is the same (disabling the kernel module by aliasing it to something that doesn't exist. However, I did a quick search and found the following page which describes an alternate (better supported?) method of accomplishing the same thing on an Ubuntu system:

https://launchpad.net/distros/ubuntu/+ticket/192

I can't tell if that's really your problem or not, but it's best to disable IPv6 if you're not using it anyway. Good luck!

The Mr. Robert said...

you edit /etc/modprobe.d/aliases
and make the same changes,
alias ipv6 off
alias net-bf-10 off (? or whatever the alias is)