How to Disable Network Interfaces on Boot in Debian 12 Bookworm

When managing a Debian 12 (Bookworm) system, there may be instances where you need to disable certain network interfaces at boot. This could be necessary for security reasons, troubleshooting network-related issues, or preventing automatic connections on startup. In this guide, we will explore different methods to achieve this, including using systemd, modifying network configuration files, and leveraging udev rules.

Understanding Network Interfaces in Debian 12

Debian 12, like other modern Linux distributions, utilizes systemd-networkd or NetworkManager to manage network interfaces. Traditional networking configuration using /etc/network/interfaces is still supported but is gradually being replaced by systemd-networkd or NetworkManager. The approach you choose will depend on your system setup and requirements.

Methods to Disable Network Interfaces on Boot

1. Disabling Network Interfaces via systemd

Systemd provides a way to disable network interfaces by masking their service or creating specific network configuration rules.

a. Masking the Network Interface Service

Systemd identifies network interfaces using systemd-networkd. You can prevent an interface from being activated at boot by masking its service.

1. Identify the network interface you want to disable:

   ip link show
   

   Example output:

   1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
   2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default
   

   Here, eth0 is the interface we want to disable.

2. Disable the interface using systemctl:

   sudo systemctl mask systemd-networkd@eth0.service
   

   This prevents systemd from bringing up eth0 during boot.

3. If necessary, stop the interface immediately:

   sudo ip link set eth0 down
   

4. Reboot the system to ensure the changes persist:

   sudo reboot
   

b. Using systemd-networkd Configuration

You can configure systemd to ignore specific network interfaces at boot.

1. Create a systemd network configuration file:

   sudo nano /etc/systemd/network/10-disable-eth0.network
   

2. Add the following content:

   [Match]
   Name=eth0
   
   [Network]
   Unmanaged=yes
   

3. Reload systemd-networkd:

   sudo systemctl restart systemd-networkd
   

This prevents systemd from managing eth0 at boot.

2. Disabling Network Interfaces via NetworkManager

If your system uses NetworkManager, you can disable an interface through its configuration files.

1. Identify the NetworkManager connection name:

   nmcli connection show
   

2. Disable the interface:

   sudo nmcli connection modify eth0 autoconnect no
   

3. Reload NetworkManager:

   sudo systemctl restart NetworkManager
   

This ensures that NetworkManager does not automatically bring up eth0 on boot.

3. Disabling Network Interfaces via /etc/network/interfaces (Legacy Method)

Debian systems that still rely on the traditional /etc/network/interfaces file can be configured to ignore specific interfaces.

1. Edit the configuration file:

   sudo nano /etc/network/interfaces
   

2. Comment out or remove the relevant interface:

   # auto eth0
   # iface eth0 inet dhcp
   

3. Restart networking services:

   sudo systemctl restart networking
   

This method is effective if your system still uses the older networking configuration approach.

4. Disabling Network Interfaces Using Udev Rules

Udev rules can also be used to disable network interfaces at boot.

1. Create a new udev rule:

   sudo nano /etc/udev/rules.d/99-disable-eth0.rules
   

2. Add the following content:

   SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="xx:xx:xx:xx:xx:xx", RUN+="/sbin/ip link set dev eth0 down"
   

   Replace xx:xx:xx:xx:xx:xx with the MAC address of your network interface (find it using ip link show).

3. Reload udev rules:

   sudo udevadm control --reload-rules && sudo udevadm trigger
   

This ensures that the network interface is disabled whenever it is detected by udev.

5. Blacklisting Network Interface Drivers

If you want to completely disable an interface, you can blacklist its driver.

1. Identify the driver in use:

   sudo lshw -class network | grep driver
   

2. Blacklist the driver:

   sudo nano /etc/modprobe.d/blacklist.conf
   

3. Add the following line:

   blacklist driver_name
   

4. Update the initramfs:

   sudo update-initramfs -u
   

5. Reboot the system:

   sudo reboot
   

This method ensures that the driver is not loaded, effectively disabling the interface.

Conclusion

There are multiple ways to disable network interfaces on boot in Debian 12 Bookworm. The method you choose depends on your networking setup and requirements. Systemd-networkd and NetworkManager offer modern ways to manage network configurations, while udev rules and blacklisting drivers provide deeper control over interface behavior. By following the steps outlined in this guide, you can effectively prevent specific network interfaces from being activated at boot, improving security and system management.