There are several ways to disable ipv6 on Fedora. e.g.: changing sysctl, changing the network configuration file.
However if it's required to disable ipv6 system wide in a reliable way, I prefer to disable it using the kernel parameter method.
I'm using Fedora 29 server edition on an UEFI system.
1. Add ipv6.disable=1 to GRUB_CMDLINE_LINUX parameter listed in /etc/default/grub file,
[root@localhost ~]# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="resume=UUID=aee6d21-c4a6-437-a7c6-d80c98ab9 rhgb quiet ipv6.disable=1"
GRUB_DISABLE_RECOVERY="true"
2. Take a backup of the grub configuration file.
cp /boot/efi/EFI/fedora/grub.cfg /boot/efi/EFI/fedora/grub.cf.bk
3. Generate the grub configuration file,
grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
4. Reboot
Update 1: It looks like this method breaks firewalld on fedora 29, Therefore I had to revert the changes.
[root@localhost ~]# systemctl status firewalld -l
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2018-11-20 11:11:07 +0530; 5min ago
Docs: man:firewalld(1)
Main PID: 1874 (firewalld)
Tasks: 2 (limit: 4915)
Memory: 22.8M
CGroup: /system.slice/firewalld.service
└─1874 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
Nov 20 11:11:06 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 20 11:11:07 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 20 11:11:07 localhost.localdomain firewalld[1874]: WARNING: ip6tables not usable, disabling IPv6 firewall.
Nov 20 11:11:07 localhost.localdomain firewalld[1874]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Nov 20 11:11:08 localhost.localdomain firewalld[1874]: ERROR: COMMAND_FAILED: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Nov 20 11:11:08 localhost.localdomain firewalld[1874]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.0 (legacy): goto 'PRE_FedoraServer' is not a chain
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Nov 20 11:11:08 localhost.localdomain firewalld[1874]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.0 (legacy): goto 'PRE_FedoraServer' is not a chain
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
No comments:
Post a Comment