18

How can I disable IPv4 stack from Linux ? I want to do that dynamically, i.e. sometimes I want it enabled and sometimes I want only IPv6 stack. Is there any portable way to do that ? If you know how to do that in any distribution, it will also help me a lot.

gxx
  • 5,483
  • 2
  • 21
  • 42
Aldebaran
  • 335
  • 3
  • 12

4 Answers4

21

Well after a little chat on the IRC the general opinion is that the linux kernel shares some code between ipv4 and ipv6, and that may make completely disabling ipv4 entirely impossible. You can try to compile the kernel without the ipv4 parts but ipv6 may not compile in this case (but nothing keeps you from trying!).

You can remove the ipv4 addresses from interfaces, AFAIK, but I don't think it's possible at this time to completely disable ipv4.

EDIT: After a quick check on make menuconfig on kernel 2.6.36 I could not find a way of disabling ipv4 without disabling the entire TCP/IP stack (and so, ipv6).

coredump
  • 12,573
  • 2
  • 34
  • 53
6

If this is for developers, then "library interposition" could be used, with LD_PRELOAD some doctored library with stub functions that simply return errors (or that call the real ones depending on the day of the week or some other external criterion).

ramruma
  • 2,730
  • 1
  • 14
  • 8
3

I don't think it is possible to disable IPv4 completely, but depending on your goal, dropping all IPv4 traffic using iptables might be enough, no?

Something like this should work. I haven't tested it on any machine, as I am accessing them through IPv4.

sudo iptables -I INPUT -j DROP
sudo iptables -O OUTPUT -j DROP
kasperd
  • 29,894
  • 16
  • 72
  • 122
  • 1
    This will block traffic, which may sometimes be useful. but it will not stop programs from binding an IPv4 socket. This is necessary to completely disable IPv4. – Michael Hampton Nov 15 '18 at 13:49
  • What I did on a machine where I needed to run IPv6-only was to disable the DHCP client in `/etc/network/interfaces.d`. It's not quite the same as disabling IPv4 since `systemd-resolved` is still listening on `127.0.0.53:53`. But it was sufficient to address my immediate needs and much preferred to messing with `iptables`. – kasperd Feb 05 '19 at 16:28
1

Mostly you should recompile yours kernel without ipv4 modules. fedora

You can’t disable it completely because the system uses 127.0.0.1 loopback interface.
But you can disable some ipv4 functions with if-cfg command.

Leandro
  • 176
  • 1
  • 13
MealstroM
  • 1,517
  • 1
  • 16
  • 31
  • You can even remove 127.0.0.1 from the loopback interface and only live with ::1. But you have to do that manually after every reboot. – TJJ Jan 19 '21 at 02:16