{"id":4192,"date":"2024-02-23T08:17:11","date_gmt":"2024-02-23T13:17:11","guid":{"rendered":"https:\/\/www.both.org\/?p=4192"},"modified":"2024-02-23T08:17:11","modified_gmt":"2024-02-23T13:17:11","slug":"how-i-disabled-ipv6-on-linux","status":"publish","type":"post","link":"https:\/\/www.both.org\/?p=4192","title":{"rendered":"How I disabled IPv6 on Linux"},"content":{"rendered":"
\r\n
\r\n \r\n <\/i>\r\n <\/a>\r\n <\/span>\r\n<\/div><\/div>\n

Simplify your network by disabling IPv6.<\/p>\n\n\n\n

IPv6 is a good thing for the Internet in general, but I find it unnecessarily complex for use in most home and small- to medium-size businesses. Like many others, I continue to use private IPv4 address ranges for my own internal networks and those for which I have some level of responsibility. My ISP only provides IPv4 addresses anyway, so it makes no sense to use IPv6 internally when all external packets are IPv4. Besides, IPv4 is much simpler, and one of my Linux Philosophy tenets is “Find the Simplicity.”<\/p>\n\n\n\n

As a result, I disabled IPv6 on all my hosts. It seemed easy\u2014at first. Here is how I did it.<\/p>\n\n\n\n

Testing for IPv6<\/h2>\n\n\n\n

My hosts run the Fedora 36 Xfce spin<\/a> along with many packages and configuration changes I perform after the initial default installation. All of my hosts have the most recent updates installed. One of those hosts is my firewall\/router, which is the first host on which I disabled IPv6.<\/p>\n\n\n\n

You can check to see whether IPv6 is currently active on your Linux host. The nmcli<\/code> command results below are from my router\/firewall host. All the active NICs have both IPv4 and IPv6 addresses.<\/p>\n\n\n\n

# nmcli<\/strong>\nenp4s0: connected to enp4s0\n        \"Realtek RTL8111\/8168\/8411\"\n        ethernet (r8169), 84:16:F9:04:44:03, hw, mtu 1500\n        ip4 default\n        inet4 45.20.209.41\/29\n        route4 45.20.209.40\/29 metric 102\n        route4 default via 45.20.209.46 metric 102\n        inet6 2600:1700:7c0:860:8616:f9ff:fe04:4403\/64\n        inet6 fe80::8616:f9ff:fe04:4403\/64\n        route6 fe80::\/64 metric 256\n        route6 default via fe80::a698:13ff:fee5:fa10 metric 1024\n        route6 2600:1700:7c0:860::\/64 metric 256\n\nenp1s0: connected to enp1s0\n        \"Realtek RTL8111\/8168\/8411\"\n        ethernet (r8169), 84:16:F9:03:E9:89, hw, mtu 1500\n        inet4 192.168.10.1\/24\n        route4 192.168.10.0\/24 metric 101\n        inet6 fe80::8616:f9ff:fe03:e989\/64\n        route6 fe80::\/64 metric 256\n\nenp2s0: connected to enp2s0\n        \"Realtek RTL8111\/8168\/8411\"\n        ethernet (r8169), 84:16:F9:03:FD:85, hw, mtu 1500\n        inet4 192.168.0.254\/24\n        route4 192.168.0.0\/24 metric 100\n        inet6 fe80::8616:f9ff:fe03:fd85\/64\n        route6 fe80::\/64 metric 256\n\nlo: unmanaged\n        \"lo\"\n        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536\n\nDNS configuration:\n        servers: 192.168.0.52 8.8.8.8 8.8.4.4\n        interface: enp4s0\n\n        servers: 192.168.0.52 8.8.8.8\n        interface: enp2s0\n\n        servers: 192.168.0.52 8.8.8.8\n        interface: enp1s0<\/code><\/pre>\n\n\n\n
Use GRUB to configure the kernel<\/h2>\n\n\n\n
GRUB\u2013the Grand Unified Bootloader\u2013loads the kernel into memory and sets many kernel parameters during the Linux boot process. The current bootloader is actually GRUB2, the second major version of GRUB, but it is easier just to call it GRUB.<\/p>\n\n\n\n
The GRUB configuration file \/boot\/grub2\/grub.cfg<\/code> provides the startup configuration for the kernel, but you should not modify it directly. The location of the UEFI GRUB configuration file may vary depending on your distribution. However, its location is irrelevant for this purpose. Linux startup kernel configuration can be easily modified using the \/etc\/default\/grub<\/code> configuration file, which configures the kernel properly regardless of whether it boots using UEFI.<\/p>\n\n\n\n
There are two command line arguments to add to the \/etc\/default\/grub<\/code> file to configure the Linux kernel to disable IPv6. The first, GRUB_CMDLINE_LINUX=”ipv6.disable=1″<\/strong> adds “ipv6.disable=1”<\/strong> to the kernel command line.<\/p>\n\n\n\n
The second, GRUB_CMDLINE_LINUX_DEFAULT=”ipv6.disable=1 quiet splash”<\/strong> is a little more complicated. When you set GRUB_DISABLE_RECOVERY<\/strong> to true<\/strong>, one menu entry will be generated for each Linux kernel. When set to false<\/strong>, two menu entries are created for each kernel: One default entry and one entry for recovery mode. This option lists command-line arguments to be added only to the default menu entry, after those listed in GRUB_CMDLINE_LINUX<\/strong>.<\/p>\n\n\n\n
The other two arguments define how the kernel startup looks on the display. The “quiet”<\/strong> argument disables most of the informational messages emitted by the kernel during its startup and self-configuration. The “splash”<\/strong> argument causes the splash screen to be displayed during kernel startup. The splash screen can be a graphic such as a logo or an animation.<\/p>\n\n\n\n
My \/etc\/default\/grub<\/code> file looks like this after making those additions:<\/p>\n\n\n\n
GRUB_TIMEOUT=5\nGRUB_DISTRIBUTOR=\"$(sed 's, release .*$,,g' \/etc\/system-release)\"\nGRUB_DEFAULT=saved\nGRUB_DISABLE_SUBMENU=true\nGRUB_TERMINAL_OUTPUT=\"console\"\nGRUB_CMDLINE_LINUX=\"rhgb quiet\"\nGRUB_DISABLE_RECOVERY=\"true\"\nGRUB_ENABLE_BLSCFG=true\nGRUB_CMDLINE_LINUX_DEFAULT=\"ipv6.disable=1 quiet splash\"\nGRUB_CMDLINE_LINUX=\"ipv6.disable=1\"<\/code><\/pre>\n\n\n\n
After making these (or any) additions to the \/etc\/default\/grub<\/code> file, run the grub2-mkconfig<\/code> command, which adds these arguments to the kernel command line in the grub.cfg<\/code> configuration file for each installed kernel. These changes do not take effect immediately. You must reboot the hosts for IPv6 to be disabled.<\/p>\n\n\n\n
Automate this solution<\/h2>\n\n\n\n
Automating these tasks using Ansible is straightforward. Just create a playbook with the following settings and run it against the list of hosts that need this change. The first two tasks in this playbook append the desired configuration:<\/p>\n\n\n\n
- name: Play 1 - Modify \/etc\/default\/grub to configure kernel boot parameters.\n  hosts: f36vm\n\n  tasks:\n    - name: Append GRUB_CMDLINE_LINUX_DEFAULT variable to \/etc\/default\/grub\n      lineinfile:\n        path: \/etc\/default\/grub\n        insertafter: EOF\n        line: 'GRUB_CMDLINE_LINUX_DEFAULT=\"ipv6.disable=1 quiet splash\"'\n\n    - name: Append GRUB_CMDLINE_LINUX variable to \/etc\/default\/grub\n      lineinfile:\n        path: \/etc\/default\/grub\n        insertafter: EOF\n        line: 'GRUB_CMDLINE_LINUX=\"ipv6.disable=1\"'\n\n    - name: Run grub2-mkconfig to update \/boot\/grub\/grub.cfg\n      command:\n        cmd: grub2-mkconfig<\/code><\/pre>\n\n\n\n
Once again, you must reboot the hosts for IPv6 to be disabled. You can add the reboot to the playbook so that the changes take effect immediately, or wait until the next time the hosts need to be rebooted for other reasons.<\/p>\n\n\n\n
The other solution<\/h2>\n\n\n\n
I created another solution; it is just not the best and most elegant option. However, I want to show my thought process because there is some information here that might be useful.<\/p>\n\n\n\n
Add a local file to sysctl.d<\/h3>\n\n\n\n
You can use the \/etc\/sysctl<\/code> file to add the configuration settings necessary, but it is much better to add a local file to the \/etc\/sysctl.d<\/code> directory so that it won’t be overwritten during updates or upgrades. Note that there is already a file named 99-sysctl.conf<\/code>. You can use that file to set the configuration, but I created a file named 99-local-network.conf<\/code> with the following content for this purpose. That way, if the 99-sysctl.conf<\/code> changes with future updates or upgrades, my file will remain untouched. This is not an executable file; it is a configuration file.<\/p>\n\n\n\n
################################################################################\n# Local NetworkManager settings - Specifically to disable IPV6                 #\n################################################################################\n#\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1<\/code><\/pre>\n\n\n\n
Note<\/strong>: Like many configuration files in configuration directories like this one, the files contained in the directory are read in natural sorted order. That means the value for a variable declared in a file with a later sort order will override an earlier declaration for the same variable.<\/p>\n\n\n\n
A reboot is usually used to cause these changes to take effect, but I later learned how to do so without a reboot. I rebooted my system and reran the nmcli<\/code> command with the following results:<\/p>\n\n\n\n
[root@wally ~]# nmcli<\/strong>\nenp4s0: connected to enp4s0\n        \"Realtek RTL8111\/8168\/8411\"\n        ethernet (r8169), 84:16:F9:04:44:03, hw, mtu 1500\n        ip4 default\n        inet4 45.20.209.41\/29\n        route4 45.20.209.40\/29 metric 101\n        route4 default via 45.20.209.46 metric 101\n\nenp1s0: connected to enp1s0\n        \"Realtek RTL8111\/8168\/8411\"\n        ethernet (r8169), 84:16:F9:03:E9:89, hw, mtu 1500\n        inet4 192.168.10.1\/24\n        route4 192.168.10.0\/24 metric 102\n\nenp2s0: connected to enp2s0\n        \"Realtek RTL8111\/8168\/8411\"\n        ethernet (r8169), 84:16:F9:03:FD:85, hw, mtu 1500\n        inet4 192.168.0.254\/24\n        route4 192.168.0.0\/24 metric 100\n\nlo: unmanaged\n        \"lo\"\n        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536\n\nDNS configuration:\n        servers: 192.168.0.52 8.8.8.8 8.8.4.4\n        interface: enp4s0\n\n        servers: 192.168.0.52 8.8.8.8\n        interface: enp2s0\n\n        servers: 192.168.0.52 8.8.8.8\n        interface: enp1s0<\/code><\/pre>\n\n\n\n
This shows that my simple fix worked.<\/p>\n\n\n\n
Except…<\/h3>\n\n\n\n
Except that solution only works on one of my twelve Linux computers. After writing the preceding part of this article, I started installing this fix on all of my other hosts. I had only done one system when I realized that this approach did not always work. I then tried it on one of my VMs and it also failed there. As best I can tell, it only works on one host\u2014the one I use as my firewall and router.<\/p>\n\n\n\n
After some additional research on a VM, I discovered that these settings could also be issued as commands using sysctl<\/code> so that the system would not need a reboot. I could enter those commands from the command line to deactivate IPv6. Here’s an example:<\/p>\n\n\n\n
[root@f36vm ~]# sysctl -w net.ipv6.conf.all.disable_ipv6=1<\/strong>\nnet.ipv6.conf.all.disable_ipv6 = 1\n[root@f36vm ~]# sysctl -w net.ipv6.conf.default.disable_ipv6=1<\/strong>\nnet.ipv6.conf.default.disable_ipv6 = 1\n[root@f36vm ~]# nmcli<\/strong>\nenp0s3: connected to Wired connection 1\n        \"Intel 82540EM\"\n        ethernet (e1000), 08:00:27:07:CD:FE, hw, mtu 1500\n        ip4 default\n        inet4 192.168.0.136\/24\n        route4 192.168.0.0\/24 metric 100\n        route4 default via 192.168.0.254 metric 100\n\nlo: unmanaged\n<SNIP><\/code><\/pre>\n\n\n\n
It took some time to research this and determine that the file I created was not being read\u2013or at least not processed\u2013by sysctl<\/code> during the Linux startup. Or, if it was, it was being ignored or the settings were being overwritten later by the same variables with different values. After this, I knew that there was no deeper problem preventing it.<\/p>\n\n\n\n
About sysctl<\/h3>\n\n\n\n
At this point, I looked into the sysctl<\/code> command in more detail. The purpose of the sysctl<\/code> command is to set kernel parameters in the \/proc<\/code> directory. The root user can use it to set individual parameters from the command line. In addition\u2013and this is the key to my solution\u2013you can use it to view and set all of the kernel parameters stored in several locations, including \/etc\/sysctl.conf<\/code> and in files located in \/etc\/sysctl.d<\/code>. The sysctl<\/code> command is used during Linux startup to set the kernel parameters.<\/p>\n\n\n\n
I repeat: The system and the sysadmin can use the sysctl<\/code> command to view and set kernel variables while the system is up and running and without a reboot. This command and the power it offers the Linux sysadmin is one of the most significant differences between Linux and other operating systems. It gives us a tool to do things impossible on other operating systems.<\/p>\n\n\n\n
I tested this by rebooting the VM and running the following command to set the variables in all locations listed on the sysctl<\/code> man page:<\/p>\n\n\n\n
[root@f36vm ~]# sysctl --system<\/strong>\n* Applying \/usr\/lib\/sysctl.d\/10-default-yama-scope.conf ...\nkernel.yama.ptrace_scope = 0\n* Applying \/usr\/lib\/sysctl.d\/50-coredump.conf ...\nkernel.core_pattern = |\/usr\/lib\/systemd\/systemd-coredump %P %u %g %s %t %c %h\nkernel.core_pipe_limit = 16\nfs.suid_dumpable = 2\n* Applying \/usr\/lib\/sysctl.d\/50-default.conf ...\nkernel.sysrq = 16\nkernel.core_uses_pid = 1\nnet.ipv4.conf.default.rp_filter = 2\nsysctl: setting key \"net.ipv4.conf.all.rp_filter\": Invalid argument\nnet.ipv4.conf.default.accept_source_route = 0\nsysctl: setting key \"net.ipv4.conf.all.accept_source_route\": Invalid argument\nnet.ipv4.conf.default.promote_secondaries = 1\nsysctl: setting key \"net.ipv4.conf.all.promote_secondaries\": Invalid argument\nnet.ipv4.ping_group_range = 0 2147483647\nnet.core.default_qdisc = fq_codel\nfs.protected_hardlinks = 1\nfs.protected_symlinks = 1\nfs.protected_regular = 1\nfs.protected_fifos = 1\n* Applying \/usr\/lib\/sysctl.d\/50-libkcapi-optmem_max.conf ...\nnet.core.optmem_max = 81920\n* Applying \/usr\/lib\/sysctl.d\/50-libreswan.conf ...\nnet.ipv6.conf.default.accept_redirects = 0\nnet.ipv6.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.all.accept_redirects = 0\n* Applying \/usr\/lib\/sysctl.d\/50-pid-max.conf ...\nkernel.pid_max = 4194304\n* Applying \/etc\/sysctl.d\/99-local-network.conf ...\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1\n* Applying \/etc\/sysctl.d\/99-sysctl.conf ...\n* Applying \/etc\/sysctl.conf ...\n\n[root@f36vm ~]#<\/code><\/pre>\n\n\n\n
Checking the status of the NIC with the nmcli<\/code> command showed that IPv6 had been disabled and that IPv4 was still up and running. Yes, I do see the other errors in that data stream, but I am ignoring them for now. Be sure to read the man page for the sysctl<\/code> command as it is quite interesting. It provides a method for processing all sysctl<\/code> configuration files with the --service<\/code> option.<\/p>\n\n\n\n
The solution<\/h3>\n\n\n\n
Now that I understood the true nature of the problem, I could create a real solution\u2013even if it might be only a temporary circumvention. I was able to do so in a way that is in keeping with the original intent of the Linux startup sequence and the sysctl.d<\/code> method for configuring the kernel.<\/p>\n\n\n\n
I left my new configuration file in place in \/etc\/sysctl.d<\/code>. I created the simple Bash script shown below to run the sysctl --system<\/code> command and stored it in \/usr\/local\/bin<\/code>.<\/p>\n\n\n\n
#!\/bin\/bash\n<SNIP \u2013 discarded a bunch of comments to save space>\nsysctl --system<\/code><\/pre>\n\n\n\n
I tested this script multiple times before proceeding to ensure that it worked. If you do this, be sure to test it multiple times, both with and without rebooting, to return to the original kernel configuration.<\/p>\n\n\n\n
Create the service<\/h3>\n\n\n\n
The real key to this solution was to create a new systemd<\/code> service that would work similarly to the old rc.local<\/code> SystemV script. In this case, I called it the MyStartup.service<\/code>, and I renamed the script I created above and called it MyStartup.sh<\/code>. To create the service itself, I created a new systemd<\/code> unit file in the \/usr\/local\/lib\/systemd\/system<\/code> directory, which I also had to make. This service will run once at startup. I named this new file MyStartup.service<\/code> and added the following content:<\/p>\n\n\n\n
<SNIP \u2013 discarded a bunch of comments to save space>\n[Unit]\nDescription=Runs \/usr\/local\/bin\/MyStartup.sh\n\n[Service]\nExecStart=\/usr\/local\/bin\/MyStartup.sh\n\n[Install]\nWantedBy=multi-user.target<\/code><\/pre>\n\n\n\n
Note that systemd<\/code> unit files like this one don’t need to be executable. It is owned by root.root with 664 permissions. It’s pretty simple to create this service, and I can use it for so many local startup tasks that I plan to keep it even when there is a permanent fix to the extant problem.<\/p>\n\n\n\n
The command below enables the new service. Note that the systemctl<\/code> command searches the new directory by default without any options, arguments, or prodding from me to locate the new unit file.<\/p>\n\n\n\n
[root@f36vm ~]# systemctl enable MyStartup.service<\/strong>\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/MyStartup.service \u2192 \/usr\/local\/lib\/systemd\/system\/MyStartup.service.<\/code><\/pre>\n\n\n\n
Enabling the service does not run the MyStartup.sh<\/code> script. This service will run the script at every reboot.<\/p>\n\n\n\n
Testing<\/h3>\n\n\n\n
As soon as the VM rebooted, I logged in as root and ran the following command to check the status of IPv6, but it was still active. After more testing, I determined that the service was running the commands too soon, so I added a command to the MyStartup.sh<\/code> script to sleep for 25 seconds before running the commands. Here is the edited script:<\/p>\n\n\n\n
#!\/bin\/bash\n<SNIP \u2013 discarded a bunch of comments to save space>\n# Wait a bit for things to start up and settle. It doesn't work without this.\nsleep 25\n# Run the sysctl command.\nsysctl --system<\/code><\/pre>\n\n\n\n
I rebooted again and verified the status as soon as I could log in, with the result that the service was still sleeping.<\/p>\n\n\n\n
[root@f36vm ~]# systemctl status MyStartup.service<\/strong>\n\u25cf MyStartup.service - Runs \/usr\/local\/bin\/MyStartup.sh\n     Loaded: loaded (\/usr\/local\/lib\/systemd\/system\/MyStartup.service; enabled; vendor preset: disabled)\n     Active: active (running) since Fri 2022-07-01 13:24:22 EDT; 14s ago\n   Main PID: 667 (MyStartup.sh)\n      Tasks: 2 (limit: 14129)\n     Memory: 592.0K\n        CPU: 1ms\n     CGroup: \/system.slice\/MyStartup.service\n             \u251c\u2500 667 \/bin\/bash \/usr\/local\/bin\/MyStartup.sh\n             \u2514\u2500 669 sleep 25<\/code><\/pre>\n\n\n\n
After waiting some additional time, I checked again, and the service had completed successfully, with the results clearly shown in the last few journal entries. Further testing showed that a delay of three seconds works reliably, while a delay of only one second always fails.<\/p>\n\n\n\n
Jul 01 13:24:22 f36vm.both.org systemd[1]: Started MyStartup.service - Runs \/usr\/local\/bin\/MyStartup.sh.\n\n[root@f36vm ~]# systemctl status MyStartup.service<\/strong>\n\u25cb MyStartup.service - Runs \/usr\/local\/bin\/MyStartup.sh\n     Loaded: loaded (\/usr\/local\/lib\/systemd\/system\/MyStartup.service; enabled; vendor preset: disabled)\n     Active: inactive (dead) since Fri 2022-07-01 13:24:47 EDT; 358ms ago\n    Process: 667 ExecStart=\/usr\/local\/bin\/MyStartup.sh (code=exited, status=0\/SUCCESS)\n   Main PID: 667 (code=exited, status=0\/SUCCESS)\n        CPU: 9ms\n\nJul 01 13:24:47 f36vm.both.org MyStartup.sh[1020]: net.ipv4.conf.all.send_redirects = 0\nJul 01 13:24:47 f36vm.both.org MyStartup.sh[1020]: net.ipv4.conf.all.accept_redirects = 0\nJul 01 13:24:47 f36vm.both.org MyStartup.sh[1020]: * Applying \/usr\/lib\/sysctl.d\/50-pid-max.conf ...\nJul 01 13:24:47 f36vm.both.org MyStartup.sh[1020]: kernel.pid_max = 4194304\nJul 01 13:24:47 f36vm.both.org MyStartup.sh[1020]: * Applying \/etc\/sysctl.d\/99-local-network.conf ...\nJul 01 13:24:47 f36vm.both.org MyStartup.sh[1020]: net.ipv6.conf.all.disable_ipv6 = 1\nJul 01 13:24:47 f36vm.both.org MyStartup.sh[1020]: net.ipv6.conf.default.disable_ipv6 = 1\nJul 01 13:24:47 f36vm.both.org MyStartup.sh[1020]: * Applying \/etc\/sysctl.d\/99-sysctl.conf ...\nJul 01 13:24:47 f36vm.both.org MyStartup.sh[1020]: * Applying \/etc\/sysctl.conf ...\nJul 01 13:24:47 f36vm.both.org systemd[1]: MyStartup.service: Deactivated successfully.\n\n[root@f36vm ~]#<\/code><\/pre>\n\n\n\n
You can see in the data output above that the configuration statements in the 99-sysctl.conf<\/code> file were applied. I also used the nmcli<\/code> command to verify that IPv6 has been disabled.<\/p>\n\n\n\n
Automate it<\/h3>\n\n\n\n
After figuring out how to consistently accomplish this solution, I added a set of tasks to do this to the Ansible playbook I use to distribute new and updated configuration files. That makes it easy for me to manage my 12 current hosts. I also added it to the playbook I use immediately after performing a basic installation on new hosts or ones that need a reinstallation for some reason. I added the following tasks to those playbooks.<\/p>\n\n\n\n
This first set of tasks is for my solution to add a new service:<\/p>\n\n\n\n
    - name: Install 99-local-network.conf file to disable IPV6\n      copy:\n        src: \/root\/ansible\/system-scripts\/files\/99-local-network.conf\n        dest: \/etc\/sysctl.d\n        mode: 0644\n        owner: root\n        group: root\n\n    - name: Install MyStartup.sh\n      copy:\n        src: \/root\/ansible\/system-scripts\/files\/MyStartup.sh\n        dest: \/usr\/local\/bin\n        mode: 0754\n        owner: root\n        group: root\n\n    - name: create \/root\/ansible\/system-scripts\/files\/ directory\n      file:\n        path: \/root\/ansible\/system-scripts\/files\/\n        state: directory\n        mode: 0755\n        owner: root\n        group: root  \n      \n    - name: Install MyStartup.service\n      copy:\n        src: \/root\/ansible\/system-scripts\/files\/MyStartup.service\n        dest: \/usr\/local\/lib\/systemd\/system\/\n        mode: 0664\n        owner: root\n        group: root\n\n    - name: Enable the MyStartup.service\n      systemd:\n        name: MyStartup.service\n        state: stopped\n        enabled: yes\n\n    - name: Run the raw command to disable IPV4 so a reboot is not required at this time\n      command:\n        cmd: sysctl --system<\/code><\/pre>\n\n\n\n
The advantage of this more complex solution of adding the configuration file to the sysctl.d<\/code> directory and then running a playbook with this series of tasks is it disables IPv6 without requiring a reboot.<\/p>\n\n\n\n
Final thoughts<\/h2>\n\n\n\n
Although just installing the file with the correct kernel parameters and rebooting worked fine on one of my hosts, it failed on all of the others I tried. I looked for differences that might explain why it failed on the others while working on my router\/firewall but found nothing that provided a clue as to why this is so. I discovered this problem exists on hosts with newly installed Fedora 36 without any of the changes and post-installation configuration that I always perform and on those with my usual changes. I do plan to keep investigating. I intend to submit a bug report to Red Hat so that there might be an actual fix to this instead of either of these circumventions.<\/p>\n\n\n\n
Neither circumvention depends upon the existence of any NIC configuration files\u2014either the old-style interface configuration files that used to be located in \/etc\/sysconfig\/network-scripts<\/code> or the newer NetworkManager interface connection files located in the \/etc\/NetworkManager\/system-connections<\/code> directory. It works with or without those files. The result is global for all network interfaces on the host.<\/p>\n\n\n\n
My own solution is a somewhat general approach that you can use in lieu of the old rc.local<\/code> script of the old SystemV startup days.<\/p>\n\n\n\n
Resources<\/h3>\n\n\n\n
The following resources are kept as current as possible but may not be completely accurate at any given time.<\/p>\n\n\n\n