Disable IPV6 by Kernel options

Hi guys,

I am new here.

I’m looking for the possibility to disable IPV6 for my complete system. What is the easiest way to do this with the kernel options?


See [1].

[1] https://www.qubes-os.org/doc/networking/

May I ask why you want to do this?

Not OP, but my guess is because IPv6 is generally considered less leak-proof compared to IPv4, and disabling it doesn’t cause issues in most of the common use cases.

That’s my understanding as well, but that’s quite different from the request “to disable IPV6 for my complete system.” I could understand not wanting to use IPv6 for any network traffic that actually leaves Qubes, but I’d be concerned that trying to completely disable the capability for IPv6 routing between AppVMs (#718) could break things without providing any benefit.

If the actual goal is not to use IPv6 for any traffic flowing through sys-net, for example, wouldn’t that just be a general Linux (non-Qubes-specific) thing to configure inside of sys-net? In any case, I’ve seen no indication that Qubes uses IPv6 by default at all.

Hmm this is new to me. I was always under the impression that traffic between Qubes only uses IPv4 (probably because internal addresses are IPv4). So you’re saying that if I want to block IPv6 internet traffic, I should do so by configuring sys-net and, if I’m using VPNs, the relevant firewalls?

By the way I disable IPv6 via qvm-features [VMname] ipv6 '' for all VMs, but this doesn’t seem to be the cause of the inconsistent network connectivity I experienced for my torrenting VM that I posted about recently. I’ll take a look at it.

It is intended for MAC spoofing before the network connection to the external router is established. Since the documentation of Qubes OS is outdated, I’m not sure that Qubes OS really doesn’t work with IPV6 by default.

Right now, my guess is that’s probably true. But that doesn’t mean the capability to use IPv6 is not there. And doing surgery on the system to try to remove that capability could easily do unnecessary harm.

I’m no expert, but I’d think so. Again, though, I wouldn’t be surprised if it’s not using IPv6 by default, in which case there would be no need for you to do anything.