How to completely disable IPv6 for loopback interface on RHEL 5.6
I've done lots of research on how to disable IPv6 on RedHat Linux and I have it almost completely disabled. However the loopback interface is still getting an inet6 loopback address (::1/128). I can't find where IPV6 is still enabled for loopback.
To disable IPV6 I added the following settings to /etc/sysctl.conf:
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.all.disable_ipv6=1
And also added the following line to /etc/sysconfig/network:
NETWORKING_IPV6=no
After rebooting, the inet6 address is gone from my physical interface (eth0), but is still there for lo:
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 10.x.x.x/21 brd 10.x.x.x scope global eth0
If I manually remove the IPV6 address from loopback and then bounce the interface, it comes back:
# ip addr del ::1/128 dev lo
# ip addr show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
# ip link set lo down
# ip link set lo up
# ip addr show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
I believe IPV6 should be disabled at the kernel level as confirmed by sysctl:
# sysctl net.ipv6.conf.lo.disable_ipv6
net.ipv6.conf.lo.disable_ipv6 = 1
Any ideas on what else would cause the loopback interface to get an IPV6 address?
Solution 1:
1) Disable ipv6 kernel module by creating file /etc/modprobe.d/ECS.conf containing:
alias net-pf-10 off
alias ipv6 off
2) Edit /etc/sysconfig/network and set:
NETWORKING_IPV6=off
3) Disable iptables for IPV6:
chkconfig ip6tables off
4) Reboot (I don't recommend removing the ipv6 kernel module manually)
Solution 2:
I usually just use the modprobe
/modload
framework to disable loading the ipv6
kernel module (/etc/modules
, /etc/modprobe.d
on Debian - Red Hat may have chosen different directories), or just don't build IPv6 support if building a custom kernel.