Tuesday, November 20, 2018

Permanently disable IPv6 on Fedora

There are several ways to disable IPv6 on Fedora, e.g. changing sysctl settings or changing the network configuration file.

However, if it's required to disable IPv6 system-wide in a reliable way, I prefer to disable it using the kernel parameter method.

I'm using Fedora 29 Server edition on a UEFI system.

1. Add ipv6.disable=1 to the GRUB_CMDLINE_LINUX parameter in the /etc/default/grub file:

[root@localhost ~]# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="resume=UUID=aee6d21-c4a6-437-a7c6-d80c98ab9 rhgb quiet ipv6.disable=1"
GRUB_DISABLE_RECOVERY="true"


2. Take a backup of the grub configuration file.

cp /boot/efi/EFI/fedora/grub.cfg /boot/efi/EFI/fedora/grub.cf.bk

3. Generate the grub configuration file:

grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg 

4. Reboot

Update 1: It looks like this method breaks firewalld on Fedora 29. Therefore I had to revert the changes.

[root@localhost ~]# systemctl status firewalld -l
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-11-20 11:11:07 +0530; 5min ago
     Docs: man:firewalld(1)
 Main PID: 1874 (firewalld)
    Tasks: 2 (limit: 4915)
   Memory: 22.8M
   CGroup: /system.slice/firewalld.service
           └─1874 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

Nov 20 11:11:06 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 20 11:11:07 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 20 11:11:07 localhost.localdomain firewalld[1874]: WARNING: ip6tables not usable, disabling IPv6 firewall.
Nov 20 11:11:07 localhost.localdomain firewalld[1874]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Nov 20 11:11:08 localhost.localdomain firewalld[1874]: ERROR: COMMAND_FAILED: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Nov 20 11:11:08 localhost.localdomain firewalld[1874]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.0 (legacy): goto 'PRE_FedoraServer' is not a chain
                                                      
                                                       Error occurred at line: 2
                                                       Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Nov 20 11:11:08 localhost.localdomain firewalld[1874]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.0 (legacy): goto 'PRE_FedoraServer' is not a chain
                                                      
                                                       Error occurred at line: 2
                                                       Try `iptables-restore -h' or 'iptables-restore --help' for more information.
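
A post-reboot check for the procedure and the firewalld failure shown above, as an added example that is not part of the original post: it reports whether ipv6.disable=1 is configured in the grub defaults, whether the running kernel was booted with it, and how many firewalld warning/error lines mention ip6tables or iptables-restore. The function names are hypothetical, the grub and kernel command line samples are constructed, the journal sample reuses lines from the output above, and the journal file is assumed to come from `journalctl -u firewalld -b > file`.

```bash
#!/usr/bin/env bash
# Added example: verify the ipv6.disable=1 change and spot the firewalld fallout.

# True if a kernel command line string contains ipv6.disable=1 as its own word.
has_ipv6_disable() {
    case " $1 " in
        *" ipv6.disable=1 "*) return 0 ;;
    esac
    return 1
}

# Print the GRUB_CMDLINE_LINUX value from a grub defaults file, quotes stripped.
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Count firewalld WARNING/ERROR lines that mention ip6tables or iptables-restore.
count_fw_errors() {
    grep -cE 'firewalld\[[0-9]+\]: (WARNING|ERROR): .*(ip6tables|iptables-restore)' "$1" || true
}

# usage: report <grub-defaults> <kernel-cmdline-file> <saved-journal-text>
report() {
    local configured=no running=no
    if has_ipv6_disable "$(grub_cmdline "$1")"; then configured=yes; fi
    if has_ipv6_disable "$(cat "$2")"; then running=yes; fi
    echo "configured=$configured running=$running firewalld_errors=$(count_fw_errors "$3")"
}

# Demo on sample input: grub and cmdline files are constructed, journal lines
# are copied from the firewalld output in the post.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'GRUB_TIMEOUT=5' 'GRUB_CMDLINE_LINUX="rhgb quiet ipv6.disable=1"' > "$d/grub"
    printf '%s\n' 'BOOT_IMAGE=/vmlinuz-demo ro rhgb quiet ipv6.disable=1' > "$d/cmdline"
    cat > "$d/journal" <<'EOF'
Nov 20 11:11:07 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 20 11:11:07 localhost.localdomain firewalld[1874]: WARNING: ip6tables not usable, disabling IPv6 firewall.
Nov 20 11:11:07 localhost.localdomain firewalld[1874]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Nov 20 11:11:08 localhost.localdomain firewalld[1874]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.0 (legacy): goto 'PRE_FedoraServer' is not a chain
EOF
    report "$d/grub" "$d/cmdline" "$d/journal"
    rm -rf "$d"
}

# With three file arguments check real files, otherwise run the demo.
if [ "$#" -eq 3 ]; then report "$@"; else demo; fi
```

On a live system the three arguments would be /etc/default/grub, /proc/cmdline and the saved journal text; a nonzero firewalld_errors count with running=yes matches the failure shown in the update.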



