How do I disable or enable the IPv6 protocol in Red Hat Enterprise Linux / CentOS

Disabling IPv6 support in Red Hat Enterprise Linux 8

• Disable ipv6 built-in kernel module.
  1. Edit /etc/default/grub and append ipv6.disable=1 to GRUB_CMDLINE_LINUX like the following sample:

     GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root ipv6.disable=1"
     

  2. Run the grub2-mkconfig command to regenerate the grub.cfg file:

     # grub2-mkconfig -o /boot/grub2/grub.cfg
     

     Alternatively, on UEFI systems, run the following:

     # grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
     

  3. Reboot the system to disable IPv6 support.

  Note: While following above method if you notice any Selinux denied messages in audit.log file such as avc: denied { module_request } then disable the ipv6 from /etc/sysctl.d/ipv6.conf file shown below instead.

• Alternatively, this can be done via sysctl settings. Please be aware that this breaks SSH Xforwarding unless sshd_config contains AddressFamily inet.
  1. Create a new file named /etc/sysctl.d/ipv6.conf and add the following options:

     # First, disable for all interfaces
     net.ipv6.conf.all.disable_ipv6 = 1
     # If using the sysctl method, the protocol must be disabled all specific interfaces as well. 
     net.ipv6.conf.<interface>.disable_ipv6 = 1
     

  2. The new settings would then need to be reloaded with:

     # sysctl -p /etc/sysctl.d/ipv6.conf
     

  3. Create a backup of the initramfs:

     # cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).bak.$(date +%m-%d-%H%M%S).img
     

  4. Then rebuild the Initial RAM Disk Image using:

     # dracut -f -v
     

     4.1 Verifying file inclusion:

     # lsinitrd /boot/initramfs-<version>.img  | grep 'etc/sysctl.d/ipv6.conf'
     

  5. Comment out any IPv6 addresses found in /etc/hosts, including ::1 localhost address

     # cp -p /etc/hosts /etc/hosts.disableipv6
     # sed -i 's/^[[:space:]]*::/#::/' /etc/hosts
     

  Optionally to prevent rpc* messages output after disabling ipv6, edit /etc/netconfig for the lines starting with udp6 and tcp6; change the “v” in the third column to “-“(hyphen/dash).

Re-enabling IPv6 support in Red Hat Enterprise Linux 8

1. 1. Edit /etc/default/grub and delete the entry ipv6.disable=1 from the GRUB_CMDLINE_LINUX, like the following sample:

      GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root"
      

   2. Run the grub2-mkconfig command to regenerate the grub.cfg file:

      # grub2-mkconfig -o /boot/grub2/grub.cfg
      

      Alternatively, on UEFI systems, run the following:

      # grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
      

   3. Delete the file /etc/sysctl.d/ipv6.conf which contains the entry:

      # First, disable for all interfaces
      net.ipv6.conf.all.disable_ipv6 = 1
      # If using the sysctl method, the protocol must be disabled all specific interfaces as well. 
      net.ipv6.conf.<interface>.disable_ipv6 = 1
      

   4. If the Initial RAM Disk image was created earlier while disabling IPv6 , only then carry out this step.

      # dracut -f
      

   5. Check the content of the file /etc/ssh/sshd_config and make sure the AddressFamily line is commented:

      #AddressFamily inet
      

   6. Make sure the following line exists in /etc/hosts, and is not commented out:

      ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
      

   7. Reboot the system to enable IPv6 support.