How do I remove my IPv6 from my Linode?
We're seeing unwanted traffic to our Linode over IPv6. Can we remove the IPV6 address from our Linode?
While there's no way to remove the public IPv6 address that's been assigned to your Linode, you can disable IPv6 by logging into your Linode via SSH and making configuration changes by running the following commands:
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1 sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
sudo bash -c 'cat <<EOF >> /etc/sysctl.conf net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 EOF'
Additionally, you'll want to configure your SSH daemon to only listen over IPv4 by running the following:
echo 'AddressFamily inet' | sudo tee -a /etc/ssh/sshd_config
Finally, reboot your Linode. Your Linode's IPv6 address should now be disabled and unable to receive IPv6 traffic. Keep in mind that disabling IPv6 may have unintended effects on other processes that depend on it, so further configuration changes may be required.
Just as a follow-up, the method listed for Ubuntu 18.04 appears to not work. This looks like it's currently a bug with the operating system. So the preferred method if editing /etc/sysctl.conf does not work will instead be to use the
GRUB2 kernel and edit the kernel directly. You can do this by editing the
/etc/default/grub file and adding the following lines:
FROM: GRUB_CMDLINE_LINUX_DEFAULT="" GRUB_CMDLINE_LINUX="" TO: GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1" GRUB_CMDLINE_LINUX="ipv6.disable=1"
After this, run
sudo update-grub and reboot the Linode, and you should see IPv6 is disabled.
[[@scrane] (/community/user/scrane)] (/community/user/scrane) what would be the best way to verify this method was successful?
You also want to disable IPv6 for email & www as well. How you do this will depend on the severs you use.
You can do a ping6 on your domain. Your node should not respond. Alternatively, you can look at your boot log…there should be some notation that IPv6 is enabled or not.
Also, there’s this:
You can also block IPv6 traffic with your firewall without disabling IPv6 (maybe not the best solution but doable…and probably preferable if this is a short-term thing since it's easy to undo).
Is this "unwanted IPv6 traffic" spam or malicious in some way? If I might ask, why is IPv6 traffic "unwanted"?