How do I remove my IPv6 from my Linode?

Linode Staff

We're seeing unwanted traffic to our Linode over IPv6. Can we remove the IPV6 address from our Linode?

6 Replies

Linode Staff

While there's no way to remove the public IPv6 address that's been assigned to your Linode, you can disable IPv6 by logging into your Linode via SSH and making configuration changes by running the following commands:

Fedora-based/CentOS

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1

Debian-based/Ubuntu

sudo bash -c 'cat <<EOF >> /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF'

Additionally, you'll want to configure your SSH daemon to only listen over IPv4 by running the following:

echo 'AddressFamily inet' | sudo tee -a /etc/ssh/sshd_config

Finally, reboot your Linode. Your Linode's IPv6 address should now be disabled and unable to receive IPv6 traffic. Keep in mind that disabling IPv6 may have unintended effects on other processes that depend on it, so further configuration changes may be required.

Just as a follow-up, the method listed for Ubuntu 18.04 appears to not work. This looks like it's currently a bug with the operating system. So the preferred method if editing /etc/sysctl.conf does not work will instead be to use the GRUB2 kernel and edit the kernel directly. You can do this by editing the /etc/default/grub file and adding the following lines:

FROM:
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX=""
TO:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
GRUB_CMDLINE_LINUX="ipv6.disable=1"

After this, run sudo update-grub and reboot the Linode, and you should see IPv6 is disabled.

[[@scrane] (/community/user/scrane)] (/community/user/scrane) what would be the best way to verify this method was successful?

You also want to disable IPv6 for email & www as well. How you do this will depend on the severs you use.

You can do a ping6 on your domain. Your node should not respond. Alternatively, you can look at your boot log…there should be some notation that IPv6 is enabled or not.

Also, there’s this:

https://stackoverflow.com/questions/39983121/how-to-detect-if-system-has-ipv6-enabled-in-a-unix-shell-script

You can also block IPv6 traffic with your firewall without disabling IPv6 (maybe not the best solution but doable…and probably preferable if this is a short-term thing since it's easy to undo).

Is this "unwanted IPv6 traffic" spam or malicious in some way? If I might ask, why is IPv6 traffic "unwanted"?

— sw

reference: https://itsfoss.com/disable-ipv6-ubuntu-linux/

On Ubuntu,
You can check if it worked using:
ip a

Only inet/IPv4 is available. You should not see any inet6/ipv6 on the reply something like this:-
1: lo: <loopback,up,lower_up> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <broadcast,multicast,up,lower_up> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether f2:3c:92:53:6b:85 brd ff:ff:ff:ff:ff:ff
inet 192.46.224.18/24 brd 192.46.224.255 scope global eth0
valid_lft forever preferred_lft forever</broadcast,multicast,up,lower_up></loopback,up,lower_up>

You write:

On Ubuntu,
You can check if it worked using:
ip a

The ip(8) command is pretty nearly universal…not just on Debian/Ubuntu.

-- sw

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct