My old way of disabling IPv6

Avalanche · April 1, 2025, 8:49am

I got these settings by asking around couple years ago. I wonder if they are still valid or if there's more I can do.

I have these under Local Startup (content of /etc/rc.local)

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
exit 0

IPv6 ULA-Prefix is ::1/128

Ipv6 is disabled for all interfaces under Interfaces menu
Ipv6 is disabled for all active devices under Devices menu

Filter IPv6 AAAA records is enabled under Dnsmasq's Filter settings

My firewall zone settings > advanced settings > "Restrict to address family" shows IPv4 and IPv6 (Should I switch to IPv4 only?)

I guess I could try to disable this package odhcpd-ipv6only but I don't know how, maybe just "Remove" it from packages list?

Also should I add some firewall rules to block all IPv6 traffic (just in case)?

I'm not good at terminal so please tell me how to do things on Luci interface.

egc · April 1, 2025, 9:10am

This is what used in the past (but now I have implemented full dual stack across my network):

Disable IPv6
https://3os.org/infrastructure/openwrt/disable-ipv6/
uci set 'network.lan.ipv6=0'
uci set 'network.wan.ipv6=0'
uci set 'dhcp.lan.dhcpv6=disabled'

Disable RA and DHCPv6 so no IPv6 IPs are handed out

uci -q delete dhcp.lan.dhcpv6
uci -q delete dhcp.lan.ra

Disable the LAN delegation

uci set network.lan.delegate="0"

Delete the IPv6 ULA Prefix

uci -q delete network.globals.ula_prefix

Disable odhcpd

/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop

Save changes

uci commit
/etc/init.d/network restart

Optional, you can disable local address assignment via sysctl.conf
net.ipv6.conf.default.disable_ipv6 =1
net.ipv6.conf.all.disable_ipv6 =1
net.ipv6.conf.lo.disable_ipv6 = 0
loopback left with ipv6 just in case some daemon program needs to be additionally re-configured to disable ip6 sockets.

krazeh · April 1, 2025, 10:43am

Afaik disabling IPv6 is not a 'supported' option in openwrt.

While it can be done you might be better off thinking about why you're disabling IPv6 and if it's actually necessary to do so.

ppmm · April 1, 2025, 12:11pm

Best way is to add 'ipv6.disable=1' when kernel boots. Not sure how this can be done in openwrt though.

brada4 · April 1, 2025, 12:21pm

You must leave loopback up with ipv6, mamy things presume ip6 socket never fails.

Avalanche · April 2, 2025, 3:44am

Since you guys said that, I added sysctl -w net.ipv6.conf.lo.disable_ipv6=0 to my "Local Startup" to keep ipv6 loopback up.

I also deleted IPv6 ULA-Prefix and left it empty.

egc · April 2, 2025, 6:31am

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!