For STIG reasons I need to disable IPv6 on my Amazon Linux 2023 instance. I have tried adding the following lines to /etc/sysctl.conf:
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
However, upon startup it looks like I do have an IPv6 address, and if I do a manual application of net.ipv6.conf.all.disable_ipv6=1 it goes away.
$ ip -6 addr
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 state UP qlen 1000
inet6 fe80::4:6fff:feea:27c7/64 scope link
valid_lft forever preferred_lft forever
$ sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.all.disable_ipv6 = 1
$ ip -6 addr
$
I have looked a little into /proc/sys/net:
$ cat /proc/sys/net/ipv6/conf/*/disable_ipv6
1
1
0
1
and it is interesting that even though /proc/sys/net/ipv6/conf/all/disable_ipv6 contains 1, /proc/sys/net/ipv6/conf/ens5/disable_ipv6 is still 0.
Is there a better way of disabling IPv6? (Note: I have tried grubby --update-kernel=ALL --args="ipv6.disable=1" and it bricks my instance [I think it kills IPv4 as well].) Or is there something else I need for the setting to stick after a reboot?
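
A check for the state described above, added here as an example and not part of the original post: it labels each /proc/sys/net/ipv6/conf entry (the bare cat output does not say which value belongs to which interface) and lists which disable_ipv6 keys a sysctl file actually sets to 1. The function names are hypothetical, and the sample tree is constructed to mirror the values in the post.

```shell
#!/bin/sh
# Names every entry under conf_dir whose disable_ipv6 flag is not 1.
ipv6_enabled_ifaces() {
    conf_dir="${1:-/proc/sys/net/ipv6/conf}"
    for f in "$conf_dir"/*/disable_ipv6; do
        [ -r "$f" ] || continue
        name=$(basename "$(dirname "$f")")
        [ "$(cat "$f")" = "1" ] || printf '%s\n' "$name"
    done
}

# Lists the disable_ipv6 keys that the given sysctl config files set to 1
# (comment lines and other values are ignored, spaces around "=" allowed).
persisted_disable_keys() {
    for cfg in "$@"; do
        [ -r "$cfg" ] || continue
        sed -n 's/^[[:space:]]*\(net\.ipv6\.conf\.[^.[:space:]=]*\.disable_ipv6\)[[:space:]]*=[[:space:]]*1[[:space:]]*$/\1/p' "$cfg"
    done
}

# Exit status 0 only when no entry still has IPv6 enabled.
audit_ipv6() {
    enabled=$(ipv6_enabled_ifaces "${1:-}")
    if [ -n "$enabled" ]; then
        printf 'IPv6 still enabled on: %s\n' "$(echo $enabled)"
        return 1
    fi
    echo "IPv6 disabled on every interface"
}

# Constructed sample tree with the values from the post: all=1, default=1,
# ens5=0, lo=1. It is built in a temp dir so the live system is not touched.
demo_constructed() {
    tmp=$(mktemp -d)
    for i in all default ens5 lo; do
        mkdir -p "$tmp/$i"
        echo 1 > "$tmp/$i/disable_ipv6"
    done
    echo 0 > "$tmp/ens5/disable_ipv6"
    audit_ipv6 "$tmp" || true
    rm -rf "$tmp"
}
demo_constructed
```

On the instance, `audit_ipv6` with no argument reads the live /proc tree after a reboot, and `persisted_disable_keys /etc/sysctl.conf /etc/sysctl.d/*.conf` shows which keys the configuration files set.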