Note: A 2022 tutorial on the many aspects of IPv6 can be found in this All Things TECH IPv6 on Linux article.
Enabling IPv6
Linux systems built with a Linux kernel 2.6 or later will have Internet Protocol version 6 (IPv6) enabled by default, including Red Hat (Desktop or WS 3.0 or later and Enterprise (RHEL) 5.2 or later), Mandrake 8 or later, Fedora 9 or later, and CentOS 7 or later systems. IPv4 will continue to run. You must be logged in as root to make these changes. Also, in the absence of other policy or guidance about hardening RHEL to guard against potential IPv6-related attacks, a guide for configuring RHEL servers 6.6 and later to prevent IPv6-related attacks is provided by this Linux Security Guide for Hardening IPv6 article.
The following guide explains the steps involved with enabling IPv6 in earlier versions of Red Hat Linux. These instructions also work for the Mandrake, Fedora, and CentOS Linux distributions.
Considerations: If you depend on iptables for securing the system make sure to appropriately apply ip6tables rules. See link at end of this section.
Quick Start Instructions:
1) Test to see that the ipv6 kernel module is loaded: lsmod |grep ipv6
If it’s not loaded, load immediately as follows:
modprobe ipv6
To have the module loaded when the system starts, edit /etc/modules.conf and add the following line:
alias net-pf-10 ipv6
2) Edit: /etc/sysconfig/network, add:
NETWORKING_IPV6=yes
3) For each of the /etc/sysconfig/network-scripts/ifcfg-ethX files, add:
IPV6_AUTOCONF=yes
to enable Stateless Address Autoconfiguration (SLAAC) addressing, or, if you want to manually configure things, instead add:
(remembering to use square brackets and colons in the IPv6 addresses).
4) Privacy extensions are not enabled by default. For each configured interface ethX where privacy extensions are being enabled, add the line:
IPV6_PRIVACY=rfc3041
to the /etc/sysconfig/network-scripts/ifcfg-interface ethX file for that interface. Then create the file /etc/sysctl.d/ipv6_privacy_extensions (if it does not already exist), containing the lines
net.ipv6.conf.default.use_tempaddr=2
net.ipv6.conf.all.use_tempaddr=2
5) This LINUX IPv6 HOWTO document discusses additional aspects of enabling IPv6, such as routing and DNS.
6) Then issue a "service network restart" command. (This may disconnect you temporarily as networking reloads)
7) Then try pinging:
# ping6 -n ipv6.test-ipv6.com
The output should be similar to this:
Pinging ipv6.test-ipv6.com [2001:470:1:18::115] with 32 bytes of data:
Reply from 2001:470:1:18::115: time=687ms
Reply from 2001:470:1:18::115: time=719ms
Reply from 2001:470:1:18::115: time=702ms
Reply from 2001:470:1:18::115: time=700ms
ip6tables information can be found in the Enabling IPv6 in ip6tables and other Linux-based Firewalls article in the Security section.
Disabling IPv6
In releases built with a Linux kernel 2.6 and later, IPv6 is enabled by default. This includes Red Hat (Desktop or WS 3.0 or later and RHEL 5.2 or later), Mandrake 8.0 or later, Fedora 9 or later, and CentOS 7 or later systems. IPv4 will continue to run. You must be logged in as root to make these changes. To disable IPv6:
1. Edit the file /etc/modprobe.conf
2. Add the following lines to the file
alias net-pf-10 off
alias ipv6 off
3. Write the file, save it, and exit the editor
4. Edit the file /etc/sysconfig/network
5. Change the following line in the file
NETWORKING_IPV6= yes
so that it looks like
NETWORKING_IPV6= no
6. Write the file, save it, and exit the editor
7. Reboot