Wednesday, December 15, 2010

How to disable ipv6 in Debian

Here are simple steps to disable ipv6 in Debian:
  1. Comment out anything related to ipv6 in /etc/hosts
  2. SSH. Ensure AddressFamily inet is set in /etc/ssh/sshd_config. Restart ssh.
  3. BIND. Ensure listen-on-v6 { none; }; in /etc/bind/named.conf.options. Restart bind9.
  4. NTP. Ensure -4 option is set in /etc/default/ntp (e.g. NTPD_OPTS='-4 -g'). Restart ntp.
  5. APACHE2. Ensure Listen in /etc/apache2/ports.conf file. Restart apache2.
  6. RPCBIND (rpc.statd, rpc.mountd). Comment out the appropriate entries in /etc/netconfig:
    udp        tpi_clts      v     inet     udp     - -
    tcp        tpi_cots_ord  v     inet     tcp     - -
    #udp6       tpi_clts      v     inet6    udp    - -
    #tcp6       tpi_cots_ord  v     inet6    tcp    - -
    rawip      tpi_raw       -     inet      -      - -
    local      tpi_cots_ord  -     loopback  -      - -
    unix       tpi_cots_ord  -     loopback  -      - -
  7. PostgreSQL 9. Ensure ipv4 in listen_addresses (file /etc/postgresql/9.1/main/postgresql.conf):
    # - Connection Settings
    listen_addresses = ''
    Comment out lines related to ipv6 (file /etc/postgresql/9.1/main/pg_hba.conf):
    # IPv6 local connections:
    #host  all     all     ::1/128   md5
    Restart postgresql.
  8. Disable ipv6 in kernel:
    echo net.ipv6.conf.all.disable_ipv6=1 \
    > /etc/sysctl.d/disableipv6.conf
  9. Disable ipv6 in kernel modules (file /etc/modprobe.d/aliases.conf):
    # alias net-pf-10 ipv6
    alias net-pf-10 off
    alias ipv6 off
The next time the system boots it will have ipv6 disabled. Let verify it with:
netstat -tunlp
Here is a sample output:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0*               LISTEN      895/named       
tcp        0      0  *               LISTEN      895/named       
tcp        0      0    *               LISTEN      734/sshd        
tcp        0      0 *               LISTEN      895/named       
udp        0      0*                           895/named       
udp        0      0  *                           895/named         
Read more about ipv6 here.


  1. Replies
    1. Practically, you don't need it... thus there is a way get rid of it.

    2. Because my ISP does not support it and I hate error messages about it in logs.

  2. Thank your for the post. It helps me solving NTP issue.

  3. Very much appreciated. The most straight-forward and concise how-to ever!

  4. Disabling Samba IPv6 listener in /etc/samba/smb.conf

    Set interfaces to your network interface device better than to the IP address:

    interfaces = eth0

    and bind it:

    bind interface only = yes