Here are simple steps to disable ipv6 in Debian:
- Comment out anything related to ipv6 in /etc/hosts
- SSH. Ensure AddressFamily inet is set in/etc/ssh/sshd_config. Restart ssh.
- BIND. Ensure listen-on-v6 { none; }; in/etc/bind/named.conf.options. Restart bind9.
- NTP. Ensure -4 option is set in /etc/default/ntp (e.g. NTPD_OPTS=’-4 -g’). Restart ntp.
- APACHE2. Ensure Listen 0.0.0.0:80 in/etc/apache2/ports.conf file. Restart apache2.
- RPCBIND (rpc.statd, rpc.mountd). Comment out the appropriate entries in /etc/netconfig:
udp tpi_clts v inet udp - - tcp tpi_cots_ord v inet tcp - - #udp6 tpi_clts v inet6 udp - - #tcp6 tpi_cots_ord v inet6 tcp - - rawip tpi_raw - inet - - - local tpi_cots_ord - loopback - - - unix tpi_cots_ord - loopback - - -
- PostgreSQL 9. Ensure ipv4 in listen_addresses (file/etc/postgresql/9.1/main/postgresql.conf):
# - Connection Settings listen_addresses = '0.0.0.0'
Comment out lines related to ipv6 (file/etc/postgresql/9.1/main/pg_hba.conf):
# IPv6 local connections: #host all all ::1/128 md5
Restart postgresql.
- Disable ipv6 in kernel:
echo net.ipv6.conf.all.disable_ipv6=1 \ > /etc/sysctl.d/disableipv6.conf
- Disable ipv6 in kernel modules (file/etc/modprobe.d/aliases.conf):
# alias net-pf-10 ipv6 alias net-pf-10 off alias ipv6 off
The next time the system boots it will have ipv6 disabled. Let verify it with:
netstat -tunlp
Here is a sample output:
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.10.2:53 0.0.0.0:* LISTEN 895/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 895/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 734/sshd tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 895/named udp 0 0 192.168.10.2:53 0.0.0.0:* 895/named udp 0 0 127.0.0.1:53 0.0.0.0:* 895/named
Read more about ipv6 here.