# Disable ipv6 for all interfaces -- FreeBSD 9.3



## eee2015 (Sep 14, 2015)

I want to disable ipv6, and I have this options in rc.conf :

```
# disable ipv6
ipv6_network_interfaces="NONE" # Default is auto
ip6addrctl_enable="NO" # New way to disable IPv6 support
ip6addrctl_policy="ipv4_prefer" # Use IPv4 instead of IPv6
ipv6_activate_all_interfaces="NO" # Do not automatically add IPv6 addresses
```
But IPv6 is still configured automatically on all interfaces, I don't know if those settings are correct.

Thanks


----------



## kpa (Sep 14, 2015)

Post your `ifconfig` output. If it's just link-local addresses and the interfaces are in IFDISABLED state you effectively have IPv6 turned off.


----------



## eee2015 (Sep 14, 2015)

The interfaces are indeed in IFDISABLED state, I thought IPv6 would disappear completely from `ifconfig` output:

```
re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=82008<VLAN_MTU,WOL_MAGIC,LINKSTATE>
  ether b8:97:5c:32:21:92
  inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255
  inet6 fe80::200:24ff:fece:7bfb%re0 prefixlen 64 scopeid 0xc
  nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
  media: Ethernet autoselect (100baseTX <full-duplex>)
  status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
  inet6 ::1 prefixlen 128
  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
  inet 127.0.0.1 netmask 0xff000000
  nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```


----------



## protocelt (Sep 14, 2015)

You can disable IPv6, but as far as I'm aware, you can not remove it unless you build a kernel configured without IPv6 support. As kpa mentioned, you will still see IPv6 link-local addresses in ifconfig(8) output even when it is disabled. If IPv6 is disabled, the link-local addresses at this point can just be ignored.


----------



## andrian (Sep 16, 2015)

You can disable IPv6:
In kernel configuration file (GENERIC), please remark

```
line options  INET6  # IPv6 communications protocols
```
and build  kernel.

```
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
  ether 00:22:4d:9e:50:33
  inet 10.144.40.2 netmask 0xffffff00 broadcast 10.144.40.255
  media: Ethernet autoselect (100baseTX <full-duplex>)
  status: active
```


----------



## kpa (Sep 16, 2015)

andrian said:


> You can disable IPv6:
> In kernel configuration file (GENERIC), please remark
> 
> ```
> ...



Yes you can but is it worth it? All of the official binary packages are built with IPv6 enabled so you'll have to build your own ports with IPv6 disabled if you want to go that route. Disabling IPv6 does not increase the security of your system despite some tin foil hat stuff you find on the net and it doesn't take much memory either if left on unused.


----------



## andrian (Sep 16, 2015)

Don't worry, non-availability IPv6 did not create problems. You can always turn it back (options INET6).


----------



## protocelt (Sep 16, 2015)

andrian said:


> Don't worry, non-availability IPv6 did not create problems. You can always turn it back (options INET6).


 Removing IPv6 support isn't an option to anyone that doesn't build and update the OS and all ports from source. Even then, you may run into problems with specific ports. It's just generally a bad idea unless you really know what you are doing and how to work around the potential problems you likely will face.


----------



## protocelt (Sep 16, 2015)

getopt said:


> I do build everything from source with completely deactivated IPv6. No problems here.
> So as you did mention "potential problems" you are due to be more elaborate about them.


Unfortunately not. To elaborate more, I would need to build and test every port in the ports tree against a system built without IPv6 to find any problem ports. That's not really feasible.

I have built a system without IPv6 support previously myself as well and did not run into any problems. That does not however mean there won't be any. I just can't point any specific problems out at this time.


----------



## topo (Sep 16, 2015)

First I have seen dancing kame in FreeBSD 4.0 time 15yrs ago. I did not find any use for it then so I disabled IPv6. Since then I always disable IPv6 (security is one of the reasons). Never had any problems (desktops/laptops). Disabling in the kernel is easiest approach. Easier than compiling each net app without IPv6. If needed it will take only short time to enable IPv6 again. In 15 yrs I have not seen single app for BSD, Linux or Windows that solely dependents on IPv6.


----------

