IPv6#

Filtering#

GNU/Linux#

To filter all IPv6 packets except ICMPv6 messages, run these commands.

filter all IPv6 packets

ip6tables --policy INPUT DROP
ip6tables --policy FORWARD DROP
ip6tables --policy OUTPUT ACCEPT
ip6tables --append INPUT --in-interface lo --jump ACCEPT
ip6tables --append OUTPUT --out-interface lo --jump ACCEPT

accept ICMPv6 messages

ip6tables --append INPUT --protocol ipv6-icmp --jump ACCEPT

save the rules
```
dpkg-reconfigure iptables-persistent
```

Disabling#

See this youtube video

GNU/Linux#

See also

networking - How to disable IPv6 permanently? - Ask Ubuntu [1]
IPv6 - ArchWiki [2]

append these lines to the Sysctl configuration file

/etc/sysctl.conf#

# Disable IPv6.
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

reload the configuration
```
sysctl -p /etc/sysctl.conf
```
comment IPv6 hosts in /etc/hosts
reboot and check that everything still works

Warning

Disabling IPv6 on a server is not without dangers! See reference 2. Remember to disable IPv6 from server configurations such as OpenSSH and Unbound, for example.

/etc/ssh/sshd_config#

# [ ... ]
AddressFamily inet
ListenAddress 0.0.0.0
# [ ... ]

/etc/unbound/unbound.conf#

server:
    # [ ... ]
    do-ip6: no
# [ ... ]

OpenWRT#

You may want to disable IPv6 on OpenWrt because of DNS issues with recent Android OSes. Android uses the IPv6 DNSes advertised by an OpenWRT router even if you set a static IPv4 DNS.

IPv6

Contents

IPv6#

Filtering#

GNU/Linux#

Disabling#

GNU/Linux#

OpenWRT#