IPv6
Contents
IPv6#
Filtering#
GNU/Linux#
To filter all IPv6 packets except ICMPv6 messages, run these commands.
filter all IPv6 packets
ip6tables --policy INPUT DROP ip6tables --policy FORWARD DROP ip6tables --policy OUTPUT ACCEPT ip6tables --append INPUT --in-interface lo --jump ACCEPT ip6tables --append OUTPUT --out-interface lo --jump ACCEPT
accept ICMPv6 messages
ip6tables --append INPUT --protocol ipv6-icmp --jump ACCEPT
save the rules
dpkg-reconfigure iptables-persistent
Disabling#
GNU/Linux#
append these lines to the
Sysctl configuration file
/etc/sysctl.conf## Disable IPv6. net.ipv6.conf.lo.disable_ipv6 = 1 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1
reload the configuration
sysctl -p /etc/sysctl.conf
comment IPv6 hosts in
/etc/hosts
reboot and check that everything still works
OpenWRT#
You may want to disable IPv6 on OpenWrt because of DNS issues with recent Android OSes. Android uses the IPv6 DNSes advertised by an OpenWRT router even if you set a static IPv4 DNS.
See also
login the LuCI web UI
append this content to
System
->Startup
->Local Startup
before theexit 0
commandsysctl -w net.ipv6.conf.all.disable_ipv6=1 sysctl -w net.ipv6.conf.default.disable_ipv6=1
Note
The
net.ipv6.conf.lo.disable_ipv6=1
option does not seem to have any effect on the loopback interface.reboot
Footnotes
- 1
https://askubuntu.com/a/309463 CC BY-SA 4.0, Copyright (c) 2013, 2018 Eric Carvalho, abu_bua (at askubuntu.com)
- 2
https://wiki.archlinux.org/title/IPv6#Disable_IPv6 GNU Free Documentation License 1.3 or later, Copyright (c) ArchWiki contributors
- 3
https://discourse.pi-hole.net/t/be-aware-of-androids-shady-ipv6-dns/36636 unknown license
- 4
https://forum.openwrt.org/t/solved-how-can-i-completely-disable-ipv6-from-l unknown license