Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Disable IPv6

New to Debian (Or Linux in general)? Ask your questions here!
Post Reply
Message
Author
alikzn101
Posts: 15
Joined: 2020-10-09 01:06

Disable IPv6

#1 Post by alikzn101 »

HI Guys

From a security perspective is it advisable to disable IPv6 access to the server ?
Can IPTables be used to do this ?

Thanks
Al

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Disable IPv6

#2 Post by p.H »

alikzn101 wrote:From a security perspective is it advisable to disable IPv6 access to the server ?
Of course. But you must also disable IPv4 for better security.
alikzn101 wrote:Can IPTables be used to do this ?
No. ip6tables or nftables can drop all IPv6 packets but do not disable IPv6. The kernel parameter "ipv6.disable=1" disables IPv6 but may have issues with some programs which require the IPv6 kernel API. The kernel parameter "ipv6.ipv6_disable=1" (or disable_ipv6, not sure) disables IPv6 on all network interfaces by default but it might be re-enabled per-interface by the network manager configuration.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Disable IPv6

#3 Post by Head_on_a_Stick »

p.H wrote:The kernel parameter "ipv6.ipv6_disable=1" (or disable_ipv6, not sure) disables IPv6 on all network interfaces by default but it might be re-enabled per-interface by the network manager configuration.
It's ipv6.disable_ipv6=1. See also https://wiki.archlinux.org/index.php/IPv6#Disable_IPv6
deadbang

alikzn101
Posts: 15
Joined: 2020-10-09 01:06

Re: Disable IPv6

#4 Post by alikzn101 »

Ok, maybe I should have asked DROP all IPv6 instead of disable. I don't want a case where I am writing rules for IPv4 and IPv6.

Post Reply