How to completely disable IPv6 for SOHO

Is there anyway to disable/remove IPv6 from router specifically SOHO point of view.

Just for 10 computers IPv4 more then enough.

May be applicable: How to completely disable IP6

1 Like

The solution to build image without IPv6, sounds good but is it possible on ground? For example if I drop only "odhcp6c odhcpd-ipv6only ppp ppp-mod-pppoe" few packs its still add IPv6 feature in final build.

The reason to disable IPv6 for 3 reasons:-

a) IPv6 only useful for WAN IP Address but for Internal network LAN IP Address its not really require, IPv4 enough to fit.
b) IPv6 to hostname reverse lookup not work. And big line address is another issue in Adguard.
c) IPv4 address still easy to remember but IPv6 is pain [Specifically in SOHO].

To block IPv6 traffic without rebuilding the image: Disabling IPv6 on OpenWrt

1 Like

The instruction same for FW4?

It should.
As I can see from the FW4 documentation, the traffic rules syntax stays the same.

1 Like

Add that rule as well. But it still showing IPv6 address. Am i missing something?

ip add | grep t6
    inet6 ::1/128 scope host
    inet6 fe80::exad:e0ff:fxxf:25a7/64 scope link
    inet6 fe80::exad:e0ff:fxxf:25aa/64 scope link
    inet6 fe80::exad:e0ff:fxxf:25a9/64 scope link
    inet6 fe80::exad:e0ff:fxxf:25a8/64 scope link

No, you don't.
The proposed solution does not make any changes to the system settings.
It blocks IPv6 traffic (incoming and routed), making it unnecessary to disable IPv6 tails in various places in the system.

1 Like
2 Likes

If you read 1st reason I believe you know the logic. :smiley:

Ok. Got it now. Ty. :+1:

I just searched for a previous thread on something odd about IPv6. Be careful of "disabling" IPv6 - it may still be running on devices.

It's becoming ubiquitous.

1 Like

What is the actual, sane reason to forcibly block IPv6 traffic instead of setting things up properly?

2 Likes

Sane reason is "SOHO" for small Internal Network setup IPv6 not require. IPv4 enough to complete the Job and more user friendly.

That's not a good reason.
Even if you disable IPv6 at the router level your devices can still talk between them via IPv6 LL addresses.
This question pops up often but nobody gave a good reason to do it on the router level.
As long as you're not handing out addresses from the router via RA or DHCPv6 it sits there silent, you disable those and that's it.

2 Likes

Believe it, for small network where only 10 computers IPv4 is ideally best instead of IPv6.
Easy to recall IPv4 Numeric Digits vs IPv6 Hex Digits.

Its like requirement of Bike tire and we are trying to fit Truck tire in it. :joy:

Having IPv6 enabled in your network does not imply that you have to remember anything extra. You can use your IPv4 addresses just fine.

3 Likes

The question has been answered on the Forum many times earlier.

This is for security and maintenance simplification reasons.

OpenWRT firewall (fw3/fw4) generates TWO separate sets of IPTABLES rules -
one for IPv4 and another for IPv6.
You can list them via iptables and ip6tables commands.

Most of the regular OpenWRT users are not aware of such duplication
leading to security issues while configuring restrictive firewall rules.

For security and ease of maintenance reasons some administrators
are not willing to maintain two separate firewall tables simultaneously.
The simplest way to get rid of the second, IPv6 firewall table,
is to add two high-priority traffic blocking rules to the IPv6 firewall table.

1 Like

Interesting, can you show me these TWO separate sets of rules in fw4 please? I don't see such a thing on mine.
Also I'm not using iptables, fw4 uses nftables x.x
How but mostly why are you using iptables with fw4?

1 Like

You are absolutely right.
It's perfect that FW4 with nftables as a backend combines both IPv4 and IPv6 netfilter rule sets into one.
My comments above were not technically accurate enough regarding the current OpenWRT versions.
However, the meaning of the proposed actions and the syntax of the proposed commands do not change from this.

1 Like