HI Guys
From a security perspective is it advisable to disable IPv6 access to the server ?
Can IPTables be used to do this ?
Thanks
Al
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Disable IPv6
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Disable IPv6
Of course. But you must also disable IPv4 for better security.alikzn101 wrote:From a security perspective is it advisable to disable IPv6 access to the server ?
No. ip6tables or nftables can drop all IPv6 packets but do not disable IPv6. The kernel parameter "ipv6.disable=1" disables IPv6 but may have issues with some programs which require the IPv6 kernel API. The kernel parameter "ipv6.ipv6_disable=1" (or disable_ipv6, not sure) disables IPv6 on all network interfaces by default but it might be re-enabled per-interface by the network manager configuration.alikzn101 wrote:Can IPTables be used to do this ?
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Disable IPv6
It's ipv6.disable_ipv6=1. See also https://wiki.archlinux.org/index.php/IPv6#Disable_IPv6p.H wrote:The kernel parameter "ipv6.ipv6_disable=1" (or disable_ipv6, not sure) disables IPv6 on all network interfaces by default but it might be re-enabled per-interface by the network manager configuration.
deadbang
Re: Disable IPv6
Ok, maybe I should have asked DROP all IPv6 instead of disable. I don't want a case where I am writing rules for IPv4 and IPv6.