Department of Defense
High Performance Computing Modernization Program

Enabling Internet Protocol version 6 (IPv6)

In Apple macOS (all versions) and OS X (versions 10.3 Panther through 10.11 El Capitan), IPv6 is on by default. No action is necessary to enable IPv6. It was also supported in OS X 10.1 Puma and OS X 10.2 Jaguar but turned off by default.

In the absence of applicable policy or guidance about hardening Apple macOS and OS X to guard against potential IPv6-related attacks, a guide for configuring Apple macOS (all versions) and OS X (versions 10.10 Yosemite through 10.11 El Capitan) is provided by this article.

For macOS (all versions) and OS X (versions 10.6 Snow Leopard and later), if your network administrator or Internet Service Provider (ISP) tells you to configure IPv6 manually, follow these instructions.

If the following features are enabled, it is recommended that they be disabled: File Sharing in macOS (all versions) and OS X (all versions) and AirDrop in macOS (all versions) and OS X (versions 10.7 Lion and later), as shown here.

Re-enabling IPv6

To re-enable IPv6 in OS X (versions up through 10.6 Snow Leopard) if it has been disabled for some reason, open the System Preferences - Network panel. Go into the properties for each network interface and click on the Advanced - TCP/IP tab. Then click the Configure IPv6 button and set the menu to On. Click OK and then Apply Now. Close System Preferences. Note: If you want to manually assign the router's IPv6 address, choose Manually from the Configure IPv6 pop-up menu rather than just clicking On. Then you can enter your system's IPv6 address and the router address and network prefix length.

If you insist on using the command line, the command to turn IPv6 on for all network interfaces is

/usr/sbin/ip6 -a

To re-enable IPv6 in macOS (all versions) and OS X (versions OS X 10.7 Lion and later), the System Preferences - Network panel cannot be used. Instead, you must use the command line

networksetup -setv6automatic Wi-Fi

(and reissue the command line again for Ethernet and any other network interfaces you want to re-enable IPv6 on). Once IPv6 has been re-enabled for an interface, you can then use the System Preferences - Network panel as described above to manually assign its address settings.

Privacy addresses were disabled by default in OS X (versions up to 10.7 Lion). Since then they have been enabled by default in OS X (later versions) and macOS (all versions). To disable their use with a sysctl (which must be executed each time the system is restarted):

sysctl –w net.inet6.ip6.use_tempaddr=0

while to permanently disable them, place the following in /etc/sysctl.conf


or, if that variable is already defined change its value to zero.  Next, restart the system. To temporarily re-enable their use after they have been permanently disabled, use the sysctl:

sysctl –w net.inet6.ip6.use_tempaddr=1

and to specify how often the address is recomputed (XX is in seconds), use the sysctl

sysctl -w net.inet6.ip6.temppltime=XX

To permanently re-enable them, change the value of net.inet6.ip6.use_tempaddr in /etc/sysctl.conf to 1, or place the following lines in /etc/sysctl.conf



and restart the system.