Using sysctl to permanently disable IPv6 doesn't have any effect

Bug #1771222 reported by Serapheim Dimitropoulos on 2018-05-14
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned

Bug Description

Shows up in version 18.04 of Ubuntu.

I added the following 2 lines in /etc/sysctl.d/99-sysctl.conf and /etc/sysctl.d/01-disable-ipv6.conf:
```
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
```

Rebooting my machine sets those parameters for "all" and "default" but not for
the sysctl options of my network interface:
```
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.ens160.disable_ipv6 = 0
```

I use disable_ipv6 above as an example.
I've also verified this with the promote_secondaries option of ipv4.

I can always restart systemd-sysctl.service at every boot and this will
set net.ipv6.conf.ens160.disable_ipv6 to 1. Unfortunately though this won't
work for devices that are hot-plugged.

Other info:

- version signature: Ubuntu 4.15.0-20.21-generic 4.15.17
- lspci is attached

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu):
status: New → Confirmed
Joseph Salisbury (jsalisbury) wrote :

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v4.17 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.17-rc5

Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Incomplete

Hi Joseph,

Thank you for the quick reply.

I did as instructed and got the specified upstream kernel installed.
```
~$ uname -a
Linux ubuntu 4.17.0-041700rc5-generic #201805132030 SMP Mon May 14 00:32:50 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
```

Problem persists after reboot:
```
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.ens33.disable_ipv6 = 0
```

Changing to Confired, and adding tag.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: kernel-bug-exists-upstream
Joseph Salisbury (jsalisbury) wrote :

This issue appears to be an upstream bug, since you tested the latest upstream kernel. Would it be possible for you to open an upstream bug report[0]? That will allow the upstream Developers to examine the issue, and may provide a quicker resolution to the bug.

Please follow the instructions on the wiki page[0]. The first step is to email the appropriate mailing list. If no response is received, then a bug may be opened on bugzilla.kernel.org.

Once this bug is reported upstream, please add the tag: 'kernel-bug-reported-upstream'.

[0] https://wiki.ubuntu.com/Bugs/Upstream/kernel

Dave Bevan (dave-bevan) wrote :

Shows up in 16.04.5 (4.15.0-43-generic) too.

In the end, despite all the above ipv6.disable = 1 additions to sysctl.conf and reboots, the only sure-fire way I found to reliably disable ipv6 was to add ipv6.disable=1 to grub:

$ grep ip /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
$ sudo update-grub
$ sudo reboot

No,
$ apt-get install ifupdown
redo your network config with /etc/network/interfaces
and
$ apt-get autoremove --purge netplan.io

Does not work if you not purge netplan.
If installed, netplan insist to generate volatile config for networkd (/run/systemd/network/10-netplan-your_interface.network) with ipv6 options applied by networkd.

It is not a kernel or systemd bug, but another netplan bug.
If you do not want to go back to ifupdown, it's time to learn networkd. For server use, netplan is totally useless and only add a layer of potential new problems.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments