How do I remove my IPv6 from my Linode?

Linode Staff

We're seeing unwanted traffic to our Linode over IPv6. Can we remove the IPV6 address from our Linode?

4 Replies

While there's no way to remove the public IPv6 address that's been assigned to your Linode, you can disable IPv6 by logging into your Linode via SSH and making configuration changes by running the following commands:

Fedora-based/CentOS

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1

Debian-based/Ubuntu

sudo bash -c 'cat <<EOF >> /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF'

Additionally, you'll want to configure your SSH daemon to only listen over IPv4 by running the following:

echo 'AddressFamily inet' | sudo tee -a /etc/ssh/sshd_config

Finally, reboot your Linode. Your Linode's IPv6 address should now be disabled and unable to receive IPv6 traffic. Keep in mind that disabling IPv6 may have unintended effects on other processes that depend on it, so further configuration changes may be required.

Just as a follow-up, the method listed for Ubuntu 18.04 appears to not work. This looks like it's currently a bug with the operating system. So the preferred method if editing /etc/sysctl.conf does not work will instead be to use the GRUB2 kernel and edit the kernel directly. You can do this by editing the /etc/default/grub file and adding the following lines:

FROM:
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX=""
TO:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
GRUB_CMDLINE_LINUX="ipv6.disable=1"

After this, run sudo update-grub and reboot the Linode, and you should see IPv6 is disabled.

[[@scrane] (/community/user/scrane)] (/community/user/scrane) what would be the best way to verify this method was successful?

You also want to disable IPv6 for email & www as well. How you do this will depend on the severs you use.

You can do a ping6 on your domain. Your node should not respond. Alternatively, you can look at your boot log…there should be some notation that IPv6 is enabled or not.

Also, there’s this:

https://stackoverflow.com/questions/39983121/how-to-detect-if-system-has-ipv6-enabled-in-a-unix-shell-script

You can also block IPv6 traffic with your firewall without disabling IPv6 (maybe not the best solution but doable…and probably preferable if this is a short-term thing since it's easy to undo).

Is this "unwanted IPv6 traffic" spam or malicious in some way? If I might ask, why is IPv6 traffic "unwanted"?

— sw

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct