How to disable IPv6

Aerospike_Knowledge · September 29, 2017, 10:32pm

The Aerospike Knowledge Base has moved to https://support.aerospike.com. Content on https://discuss.aerospike.com is being migrated to either https://support.aerospike.com or https://docs.aerospike.com. Maintenance on articles stored in this repository ceased on December 31st 2022 and this article may be stale. If you have any questions, please do not hesitate to raise a case via https://support.aerospike.com.

How to disable IPv6

Context

Certain organizational security requirements may mandate a disabling of IPv6. Disabling this protocol is usually done to limit possible attacks or vulnerabilities to services through IPV6 ports.

Aerospike will work with either ipv4 or ipv6 enabled but does not recommend disabling ipv6 with only sysctl as that can lead to a state where ipv6 is supported by the Kernel, while “half disabled” by sysctl.

To properly disable IPv6 on Linux, we suggest one of the following methods:

Block the ipv6 module at startup by modifying grub.conf
Disable the ipv6 module.

Methods to disable IPv6

Blocking the IPv6 module

Blocking the IPv6 linux module can be done by adding one of the following to the kernel loading line and rebooting the server:

ipv6.blacklist=yes if the module is added dynamically

ipv6.disable=1 if the module is compiled into the kernel

Typically on Centos7 the module is usually compiled in. You can add both do the kernel cmdline if you are unsure.

To check whether the module is disabled, run lsmod |grep ipv6, or modinfo ipv6. If the lsmod does not show an ipv6 module, it is compiled in.

Example:

sudo cat /etc/grub.conf 
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/VolGroup-lv_root
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-696.6.3.el6.x86_64)
	root (hd0,0)
	kernel /vmlinuz-2.6.32-696.6.3.el6.x86_64 ro root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup/lv_root  KEYBOARDTYPE=pc KEYTABLE=us ipv6.blacklist=yes ipv6.disable=1 rd_NO_DM rhgb quiet
	initrd /initramfs-2.6.32-696.6.3.el6.x86_64.img
title CentOS 6 (2.6.32-642.el6.x86_64)
	root (hd0,0)
	kernel /vmlinuz-2.6.32-642.el6.x86_64 ro root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup/lv_root  KEYBOARDTYPE=pc KEYTABLE=us ipv6.blacklist=yes ipv6.disable=1 rd_NO_DM rhgb quiet
	initrd /initramfs-2.6.32-642.el6.x86_64.img

Disabling the IPv6 module

The following steps can be done to disable the IPv6 module at runtime after boot:

Create a file under /etc/modprobe.d/ that contains the following line:

install ipv6 /bin/true

Disable ip6tables:

chkconfig ip6tables off

Reboot the server.

Example file:

$ cat /etc/modprobe.d/killipv6.conf 
install ipv6 /bin/true

Notes

There is usually no need to disable ipv6. This knowledge-base is provided as an informational guide.

Keywords

ipv6, kernel, disable, sysctl, ipv4

Timestamp

9/21/2017

Topic		Replies	Views
IPv6 support Planning	4	2126	December 28, 2016
Aerospike Python Client Release 6.0.0 (May 10, 2021) Releases (Server, Client & Tools)	0	761	May 13, 2021
Does Aerospike support RedHat 7 and/or Centos 7? Installation	10	3679	November 7, 2014
Aerospike Centos 7 systemd Operations	5	2070	May 12, 2015
Aerospike on Centos 7 (3.8.1) Delivered Requests	5	2800	February 20, 2020

How to disable IPv6