How to completely disable IPv6 for loopback interface on RHEL 5.6

I've done lots of research on how to disable IPv6 on RedHat Linux and I have it almost completely disabled. However the loopback interface is still getting an inet6 loopback address (::1/128). I can't find where IPV6 is still enabled for loopback.

To disable IPV6 I added the following settings to /etc/sysctl.conf:

net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.all.disable_ipv6=1

And also added the following line to /etc/sysconfig/network:

NETWORKING_IPV6=no

After rebooting, the inet6 address is gone from my physical interface (eth0), but is still there for lo:

# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 10.x.x.x/21 brd 10.x.x.x scope global eth0

If I manually remove the IPV6 address from loopback and then bounce the interface, it comes back:

# ip addr del ::1/128 dev lo
# ip addr show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
# ip link set lo down
# ip link set lo up
# ip addr show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever

I believe IPV6 should be disabled at the kernel level as confirmed by sysctl:

# sysctl net.ipv6.conf.lo.disable_ipv6
net.ipv6.conf.lo.disable_ipv6 = 1

Any ideas on what else would cause the loopback interface to get an IPV6 address?


Solution 1:

1) Disable ipv6 kernel module by creating file /etc/modprobe.d/ECS.conf containing:

alias net-pf-10 off
alias ipv6 off

2) Edit /etc/sysconfig/network and set:

NETWORKING_IPV6=off

3) Disable iptables for IPV6:

chkconfig ip6tables off

4) Reboot (I don't recommend removing the ipv6 kernel module manually)

Solution 2:

I usually just use the modprobe/modload framework to disable loading the ipv6 kernel module (/etc/modules, /etc/modprobe.d on Debian - Red Hat may have chosen different directories), or just don't build IPv6 support if building a custom kernel.