They say that by disabling IPv6 things get a bit smoother and faster regarding networking. I don’t really know if this is true, but I guess, if you’ve decided to disable this feature, you probably care to do it the Right Way™. As far as I know, trying to disable IPv6 through anaconda during the installation of Fedora or CentOS does not turn off the IPv6 functionality completely, but it just disables it for the configured network interface. This is not actually a problem, but, why should this network layer be enabled system-wide, if you do not use it at all? This small article assists you in disabling IPv6 in the latest Fedora and CentOS releases in an aggressive and unforgiving way.
Check if the module is loaded
IPv6 functionality is being made available to the system by the ipv6 kernel module. To check if this module is currently loaded in your system, issue the following command as root:
lsmod | grep ipv6
If you see ipv6 in its output, then the module is loaded.
Performing this check is absolutely not necessary. It is included in this article for completeness.
Disable IPv6
You can prevent a module from being inserted into the kernel by either blacklisting it or by completely disabling it.
In this case, since you will most probably turn off the IPv6 firewall (ip6tables) as well, it is highly recommended to completely disable the ipv6 module, to avoid any accidental loading of the IPv6 stack without any firewall protection at the same time.
How the module blacklist works
This information about blacklisting a kernel module exists here for educational purposes. It has been mentioned above that for ipv6 it is important to completely disable it.
From the modprobe.conf man page:
Modules can contain their own aliases: usually these are aliases describing the devices they support, such as “pci:123…”. These “internal” aliases can be overridden by normal “alias” keywords, but there are cases where two or more modules both support the same devices, or a module invalidly claims to support a device: the blacklist keyword indicates that all of that particular module’s internal aliases are to be ignored.
So, blacklist indicates that a module’s aliases should be ignored. But, what happens if an application requires to load that specific module or if root uses modprobe to load it on demand? Let’s test it…
To blacklist the module, simply save the following line in a file inside /etc/modprobe.d:
blacklist ipv6
Next, disable any services that use IPv6, eg ip6tables or any IPv6-enabled network interfaces and reboot (mandatory).
After you’ve logged-in again, try, for example, to load the ipv6 module with the modprobe command (as root):
[root@centos]# modprobe -v ipv6
insmod /lib/modules/2.6.18-53.1.14.el5/kernel/net/ipv6/ipv6.ko
[root@centos]# lsmod | grep v6
ipv6 251393 8
The blacklisted module has been loaded. This is what happens if it is needed by a system service, regardless of the fact that it has been blacklisted. In the case of ipv6 this could be a security risk, provided that the ipv6 firewall has been turned off but some network interfaces still use IPv6. So, frankly, it is suggested to read on how to disable the module more aggressively…
Completely disable the ipv6 module
To completely disable IPv6 in your system, all you have to do is save the following line in a file inside /etc/modprobe.d/.
install ipv6 /bin/true
The above line means: whenever the system needs to load the ipv6 kernel module, it is forced to execute the command true instead of actually loading the module. Since /bin/true, does absolutely nothing, the module never gets loaded.
Again, it is required to reboot for the changes to take effect.
It is obvious that this is an aggressive method to disable kernel modules, but it guarantees that the module never gets loaded.
This is the recommended way to disable IPv6.
Other Configuration Tasks
Since the IPv6 functionality has been disabled, you can disable the ip6tables service (IPv6 Firewall). Issue the following command as root:
chkconfig ip6tables off
It is also a good idea, since the ip6tables service has been turned off, to disable any IPv6-related functionality in the network interface configuration. Even if you do not do this, the IPv6 stack will not be initialized because the ipv6 module cannot be loaded. But, generally, you could set the following options to “no” inside your network interface scripts, for example: /etc/sysconfig/network-scripts/ifcfg-eth0
IPV6INIT=no
IPV6_AUTOCONF=no
Finally, In fedora 8 or newer you can safely remove the following option from the /etc/sysconfig/network file, if it exists:
NETWORKING_IPV6=no
Final Thoughts
Using the instructions above, you can completely disable IPv6 in your system. On the other hand, you should understand that IPv6 is not an evil thing… It exists in order to address certain issues. If you ever think about actually trying to configure and use it instead of just disabling it every time you install your Linux operating system, here is a good place to start…
The How to Disable IPv6 in Fedora and CentOS by George Notaras, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Terms and conditions beyond the scope of this license may be available at www.g-loaded.eu.
Reference: http://www.g-loaded.eu/2008/05/12/how-to-disable-ipv6-in-fedora-and-centos/
RedHat / Centos Disable IPv6 Networking
Our policy and network configuration does not requires IPv6 support in RHEL / CentOS / Fedora Linux. How do I prevent the kernel module from loading at boot time and disable IPv6 networking?
You can easily prevent the kernel module from loading by updating the following two files:
1. /etc/modprobe.conf - Kernel driver configuration file.
2. /etc/sysconfig/network - RHEL / CentOS networking configuration file.
/etc/modprobe.conf
Edit /etc/modprobe.conf, enter:
# vi /etc/modprobe.conf
Append the following line:
install ipv6 /bin/true
Save and close the file.
/etc/sysconfig/network
Edit /etc/sysconfig/network, enter:
# vi /etc/sysconfig/network
Update / add as follows:
NETWORKING_IPV6=no
IPV6INIT=no
Save and close the file. Restart networking service
# service network restart
# rmmod ipv6
Alternatively, simple reboot the box:
# reboot
Verify IPv6 is disabled, enter:
# lsmod | grep ipv6
# /sbin/ifconfig
Reference: http://www.cyberciti.biz/faq/redhat-centos-disable-ipv6-networking/
8. How do I disable IPv6?
* Edit /etc/sysconfig/network and set "NETWORKING_IPV6" to "no"
* Add the following to /etc/modprobe.conf :
alias ipv6 off
alias net-pf-10 off
*
Run chkconfig ip6tables off to disable the IPv6 firewall
* Reboot the system
Alternative (which might be easier and works on any release with /etc/modprobe.d):
echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6
* With the 5.4 update symbol/ipv6 module dependency capabilities have been introduced; therefore, if IPv6 has been previously disabled as above an upgrade to the bonding driver in 5.4 will result in the bonding kernel module failing to load. For the module to load properly use instead:
echo "options ipv6 disable=1" > /etc/modprobe.d/disable-ipv6
Reference: http://wiki.centos.org/FAQ/CentOS5
How do I disable the IPv6 protocol in Red Hat Enterprise Linux?
Release Found: Red Hat Enterprise Linux 4 and later
Red Hat Enterprise Linux 4 and 5 enable Internet Protocol Version 6 (IPv6) by default. However, in certain situations, some users may find it desirable to disable IPv6 support.
Disabling IPv6 Support Red Hat Enterprise Linux 4
If the following line exists in the /etc/modprobe.conf file, remove it:
alias net-pf-10 ipv6
Add the following line to the /etc/modprobe.conf file:
alias net-pf-10 off
Reboot the system to disable IPv6 support.
Re-enabling IPv6 Support Red Hat Enterprise Linux 4
Remove the following line from the /etc/modprobe.conf file.
alias net-pf-10 off
You must reboot the system to activate IPv6 support.
Disabling IPv6 Support Red Hat Enterprise Linux 5
If the following line exists in the /etc/modprobe.conf file, remove it:
alias net-pf-10 ipv6
Add the following line to the /etc/modprobe.conf file:
alias net-pf-10 off
In versions of Red Hat Enterprise Linux before 5.4, add the following line to the /etc/modprobe.conf file:
alias ipv6 off
In Red Hat Enterprise Linux 5.4 and later, add the following line to the /etc/modprobe.conf file:
options ipv6 disable=1
To prevent errors during the network initscript start routine, change the NETWORKING_IPV6 parameter in the /etc/sysconfig/network file to the following:
NETWORKING_IPV6=no
For completeness, it is a good idea to configure the ip6tables service not to start at boot by issuing the following command:
chkconfig ip6tables off
Once both the alias net-pf-10 off and alias ipv6 off lines are present in the /etc/modprobe.conf file and NETWORKING_IPV6=no is set in the /etc/sysconfig/network file, reboot the system to disable IPv6 support.
Re-enabling IPv6 Support Red Hat Enterprise Linux 5
To re-enable IPv6 on Red Hat Enterprise Linux 5 systems, remove the following lines from the /etc/modprobe.conf file:
alias net-pf-10 off
alias ipv6 off
Set the following parameter in the /etc/sysconfig/network file:
NETWORKING_IPV6=yes
Re-enable ipv6tables by issuing the following command:
chkconfig ip6tables on
You must reboot the system to activate IPv6 support.
Reference: http://kbase.redhat.com/faq/docs/DOC-8711