IPv6

Filtering

GNU/Linux

To filter all IPv6 packets except ICMPv6 messages, run these commands.

1. filter all IPv6 packets

   ip6tables --policy INPUT DROP
   ip6tables --policy FORWARD DROP
   ip6tables --policy OUTPUT ACCEPT
   ip6tables --append INPUT --in-interface lo --jump ACCEPT
   ip6tables --append OUTPUT --out-interface lo --jump ACCEPT
   

2. accept ICMPv6 messages

   ip6tables --append INPUT --protocol ipv6-icmp --jump ACCEPT
   

3. save the rules

   dpkg-reconfigure iptables-persistent
   

Disabilitazione

See this youtube video

GNU/Linux

Vedi anche

• networking - How to disable IPv6 permanently? - Ask Ubuntu [1]

• IPv6 - ArchWiki [2]

1. append these lines to the Sysctl configuration file

   /etc/sysctl.conf

   # Disable IPv6.
   net.ipv6.conf.lo.disable_ipv6 = 1
   net.ipv6.conf.all.disable_ipv6 = 1
   net.ipv6.conf.default.disable_ipv6 = 1
   

2. reload the configuration

   sysctl -p /etc/sysctl.conf
   

3. comment IPv6 hosts in /etc/hosts

4. reboot and check that everything still works

Avvertimento

Disabling IPv6 on a server is not without dangers! See reference 2. Remember to disable IPv6 from server configurations such as OpenSSH and Unbound, for example.

OpenSSHUnbound

/etc/ssh/sshd_config

# [ ... ]
AddressFamily inet
ListenAddress 0.0.0.0
# [ ... ]

OpenWRT

You may want to disable IPv6 on OpenWrt because of DNS issues with recent Android OSes. Android uses the IPv6 DNSes advertised by an OpenWRT router even if you set a static IPv4 DNS.

Vedi anche

• Be aware of Android’s shady IPv6 DNS - General - Pi-hole Userspace [3]

• [Solved] How can I completely disable ipv6 from LuCI? - Installing and Using OpenWrt / Network and Wireless Configuration - OpenWrt Forum [4]

1. login the LuCI web UI

2. append this content to System -> Startup -> Local Startup before the exit 0 command

   sysctl -w net.ipv6.conf.all.disable_ipv6=1
   sysctl -w net.ipv6.conf.default.disable_ipv6=1
   

   Nota

   The net.ipv6.conf.lo.disable_ipv6=1 option does not seem to have any effect on the loopback interface.

3. reboot

Footnotes

[1]

https://askubuntu.com/a/309463 CC BY-SA 4.0, Copyright (c) 2013, 2018 Eric Carvalho, abu_bua (at askubuntu.com)

[2]

https://wiki.archlinux.org/title/IPv6#Disable_IPv6 GNU Free Documentation License 1.3 or later, Copyright (c) ArchWiki contributors

[3]

https://discourse.pi-hole.net/t/be-aware-of-androids-shady-ipv6-dns/36636 unknown license

[4]

https://forum.openwrt.org/t/solved-how-can-i-completely-disable-ipv6-from-l unknown license