How to Disable IPv6 on Debian

April 17, 2023

This guide explains how to disable IPv6 on Debian-based systems.
While IPv6 offers numerous advantages over IPv4, there may be situations where you need to disable it, such as for network troubleshooting or reducing attack surface.
These instructions work on Debian 11 and later, as well as other Linux distributions like Ubuntu.

Before proceeding, verify your current IPv6 status:

cat /proc/sys/net/ipv6/conf/all/disable_ipv6

A result of 0 indicates IPv6 is enabled, while 1 means it's disabled.

Temporary Disable/Enable IPv6

To temporarily disable IPv6 without a system reboot:

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1

To re-enable IPv6:

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0

Permanent Configuration

1. Create sysctl configuration file

sudo nano /etc/sysctl.d/98-disable-ipv6.conf

Add these lines to the file:

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

2. Apply changes

Apply the configuration without rebooting:

sudo systemctl restart systemd-sysctl.service

3. Verify configuration

Check if IPv6 is disabled:

cat /proc/sys/net/ipv6/conf/all/disable_ipv6

The output should be 1 if IPv6 is successfully disabled.

Reverting Changes

To re-enable IPv6 permanently:

sudo rm /etc/sysctl.d/98-disable-ipv6.conf
sudo systemctl restart systemd-sysctl.service

Additional Methods to Disable IPv6

There are other ways to disable IPv6:

Kernel compilation without IPv6 support
Kernel command line parameter (ipv6.disable=1)
Direct /proc filesystem manipulation

The sysctl method described above is recommended as it's:

Easily reversible
Survives system reboots
Doesn't require kernel recompilation
Works across different Linux distributions

Security Considerations

While disabling IPv6 can reduce attack surface, it's important to note that:

Modern systems are designed to work with IPv6
Proper firewall configuration might be a better security measure
Some applications may require IPv6 functionality

Troubleshooting

If IPv6 remains enabled after following these steps:

Check for conflicting configurations:
```
grep -r ipv6 /etc/sysctl.d/
```
Verify system boot parameters:
```
cat /proc/cmdline
```
Ensure no other services are re-enabling IPv6:
```
sudo journalctl | grep -i ipv6
```

Resources

Arch Linux Wiki: IPv6 Configuration
- https://wiki.archlinux.org/title/IPv6
IPv6 Security Considerations
- https://security.stackexchange.com/q/181949
Linux IPv6 Documentation
- https://www.kernel.org/doc/Documentation/networking/ipv6.txt