How to Disable IPv4 or IPv6 in the Kernel on the FreeBSD Operating System

Learn how to disable IPv4 or IPv6 at the kernel level on a FreeBSD system by modifying kernel configurations and recompiling the kernel.

Introduction

FreeBSD, a powerful and flexible UNIX-like operating system, provides robust networking capabilities, including support for both IPv4 and IPv6. However, there are situations where administrators may need to disable either IPv4 or IPv6 for security, performance optimization, or specific application requirements. Disabling these protocols at the kernel level ensures that they are not available at all, rather than merely disabling them at the interface level.

This guide covers how to disable IPv4 or IPv6 at the kernel level on a FreeBSD system, providing steps to modify kernel configurations and recompile the kernel.

Understanding Kernel-Level Networking in FreeBSD

In FreeBSD, IPv4 and IPv6 are implemented as separate kernel modules. By default, both are enabled to provide full networking support. If you need to disable either protocol completely, you must modify the kernel configuration and recompile it.

Checking Current IPv4 and IPv6 Status

Before making any modifications, check the current status of the networking protocols:

  • To check IPv4 interfaces (-w matches inet as a whole word, so inet6 lines are not included):

    ifconfig -a | grep -w inet
    
  • To check IPv6 interfaces:

    ifconfig -a | grep inet6
    

If you see active IPv4 or IPv6 addresses, it indicates that the respective protocol is enabled.

Disabling IPv4 in the FreeBSD Kernel

To completely disable IPv4 support in the FreeBSD kernel, follow these steps:

Step 1: Modify the Kernel Configuration File

  1. Navigate to the kernel configuration directory:

    cd /usr/src/sys/{ARCH}/conf
    

    Replace {ARCH} with your system architecture (e.g., amd64 for 64-bit systems).

  2. Copy the default kernel configuration file:

    cp GENERIC MYKERNEL
    

    Replace MYKERNEL with a meaningful name.

  3. Edit the copied kernel configuration file using a text editor such as vi or nano:

    nano MYKERNEL
    
  4. Locate the following line and remove it or comment it out by adding # at the beginning:

    options INET  # Comment out or remove this line to disable IPv4
    

Step 2: Compile and Install the New Kernel

  1. Compile the kernel:

    cd /usr/src
    make buildkernel KERNCONF=MYKERNEL
    
  2. Install the new kernel:

    make installkernel KERNCONF=MYKERNEL
    
  3. Reboot the system to apply changes:

    reboot
    
  4. Verify that IPv4 has been disabled (-w keeps inet6 lines out of the output):

    ifconfig -a | grep -w inet
    

    There should be no IPv4 addresses listed.

Disabling IPv6 in the FreeBSD Kernel

To disable IPv6 in FreeBSD, follow steps similar to those for IPv4:

Step 1: Modify the Kernel Configuration File

  1. Edit the kernel configuration file:

    nano /usr/src/sys/{ARCH}/conf/MYKERNEL
    
  2. Locate and remove or comment out the following line:

    options INET6  # Comment out or remove this line to disable IPv6
    

Step 2: Compile and Install the New Kernel

  1. Compile the modified kernel:

    cd /usr/src
    make buildkernel KERNCONF=MYKERNEL
    
  2. Install the new kernel:

    make installkernel KERNCONF=MYKERNEL
    
  3. Reboot the system:

    reboot
    
  4. Verify that IPv6 has been disabled:

    ifconfig -a | grep inet6
    

    No IPv6 addresses should be listed.
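
A pre-build check for the edited configuration, as an added example that is not part of the original guide: it reports whether options INET and options INET6 are still active in a kernel config file, so a missed or mistyped edit is caught before make buildkernel. The function names and the sample file are constructed for illustration; the script also honours nooptions lines from config(5), which goes slightly beyond the steps above, and it does not follow include directives.

```sh
#!/bin/sh
# Added example, not part of the original guide.

# proto_state CONF OPTION: print "enabled" or "disabled" for one kernel option.
# Names are compared whole, so INET never matches INET6, and anything after
# "#" is ignored, so a commented-out line counts as disabled.
proto_state() {
    awk -v opt="$2" '
        { sub(/#.*/, "") }                        # drop comments
        $1 == "options" || $1 == "nooptions" {
            rest = $0
            sub(/^[ \t]*[a-z]+[ \t]+/, "", rest)  # strip the directive keyword
            gsub(/[ \t]/, "", rest)
            n = split(rest, names, ",")           # comma-separated list
            for (i = 1; i <= n; i++) {
                sub(/=.*/, "", names[i])          # drop any =value
                if (names[i] == opt)              # a later directive overrides
                    state = ($1 == "options") ? "enabled" : "disabled"
            }
        }
        END { print (state == "" ? "disabled" : state) }
    ' "$1"
}

# write_sample PATH: constructed sample resembling an edited MYKERNEL.
write_sample() {
    cat > "$1" <<'EOF'
ident    MYKERNEL
#options INET     # commented out: IPv4 will not be built
options  INET6    # still active: IPv6 will be built
EOF
}

# Demo: check the file given as $1, or the constructed sample if none is given.
conf=${1:-}
tmp=
if [ -z "$conf" ]; then
    tmp=$(mktemp) && write_sample "$tmp" && conf=$tmp
fi
for fam in INET INET6; do
    printf '%s: %s\n' "$fam" "$(proto_state "$conf" "$fam")"
done
if [ -n "$tmp" ]; then rm -f "$tmp"; fi
```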

Alternative: Disabling IPv4 or IPv6 Without Kernel Compilation

If you prefer not to recompile the kernel, you can disable IPv4 or IPv6 at the system level using rc.conf:

  • To disable IPv4:

    ifconfig_DEFAULT="inet6 auto"
    
  • To disable IPv6:

    ifconfig_DEFAULT="inet -inet6"
    

Then restart networking or reboot the system:

    service netif restart
    service routing restart

Conclusion

Disabling IPv4 or IPv6 at the kernel level in FreeBSD ensures that the protocol is completely unavailable on the system. This is useful for security-hardened environments or specialized networking setups. While kernel recompilation is the most robust method, administrators can also disable these protocols at the system level using rc.conf for a more flexible approach.