Disable IPv6 on Amazon Linux 2023 Instance

  Kiến thức lập trình

For STIG reasons I need to disable IPv6 on my Amazon Linux 2023 Instance. I have tried adding the following lines to /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1

However, upon startup it looks like I do have an IPv6 address and if I do a manual application of net.ipv6.conf.all.disable_ipv6=1 it goes away.

$ ip -6 addr
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 state UP qlen 1000
    inet6 fe80::4:6fff:feea:27c7/64 scope link
       valid_lft forever preferred_lft forever
$ sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.all.disable_ipv6 = 1
$ ip -6 addr
$

I have looked a little into /proc/sys/net:

$ cat /proc/sys/net/ipv6/conf/*/disable_ipv6
1
1
0
1

and it is interesting that even though /proc/sys/net/ipv6/conf/all/disable_ipv6 contains 1, /proc/sys/net/ipv6/conf/ens5/disable_ipv6 is still 0

Is there a better way of disabling IPv6? (Note: I have tried grubby --update-kernel=ALL --args="ipv6.disable=1" and it bricks my instance [I think it kills IPv4 as well].) Or is there something else I need for the setting to stick after a reboot?

  • linux
  • ipv6
  • amazon-linux-2023

Theme wordpress giá rẻ Theme wordpress giá rẻ Thiết kế website

LEAVE A COMMENT