I turned off IPv6 on my Linux boxes. Here’s how it went.

I’m Kayla, and I tinker a lot. Home lab, travel laptop, a couple servers. I don’t hate IPv6. But my ISP’s IPv6 was flaky. Pages paused. SSH felt sticky. Slack calls would spin. You know what? I got tired of “Hmm, maybe it’s DNS.” So I tried turning IPv6 off on a few machines and lived with it for a while. Full disclosure: the original, longer-form story lives over on Freedom Penguin as I turned off IPv6 on my Linux boxes—here’s how it went; what you’re reading here is my boiled-down field notes.

This is my honest take—what worked, what broke, and the exact steps I used.

For more Linux-focused anecdotes and how-tos, you can browse the community articles over at Freedom Penguin.

My setup (so you know I’m not guessing)

  • Home: Ubuntu 22.04 on a ThinkPad X1. NetworkManager. UFW on.
  • Work: RHEL 9 server on bare metal. Grub2. nftables.
  • VPS: Debian 12 on a cheap cloud box. No real IPv6 needed there, but I tested anyway.
  • Travel: Fedora 39 on a small Asus laptop. I often sit in hotels and coffee shops with weird Wi-Fi.

Different needs. Same pain: half-baked IPv6.

Method 1: Sysctl – quick switch, fast results

I used sysctl on Ubuntu and Debian. It’s simple, and I could flip it back fast.

  1. I made a file:
sudo nano /etc/sysctl.d/99-disable-ipv6.conf
  1. I put this in:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# if you want loopback too:
net.ipv6.conf.lo.disable_ipv6 = 1
  1. I applied it:
sudo sysctl --system
  1. I checked it:
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
# 1 means off
ip -6 addr
# should show nothing

For a distro-agnostic walkthrough that mirrors this sysctl approach, check out Hostinger's guide on disabling IPv6 on Linux.

What happened on Ubuntu 22.04? Web pages stopped stalling. SSH felt snappy. Slack calls no longer froze at the start. I know, sounds small, but small things stack up.

On my Debian 12 VPS, nothing dramatic. It just cleaned up the logs and made name lookups feel steady.

What I liked:

  • No reboot. Fast rollback.
  • Easy to script.
  • Very clear on/off state.

What bugged me:

  • Some apps still asked for AAAA records and got nothing. Not bad, just noisy.

Rollback:

  • Delete that file and run sudo sysctl --system. Or set the values to 0 and apply.

Method 2: Kernel flag – the hard “off” with GRUB

On my RHEL 9 server, I wanted a firm shut-off. So I used a kernel flag. This is more “final.”

  1. I edited GRUB:
sudo nano /etc/default/grub
  1. I added ipv6.disable=1 inside the line:
GRUB_CMDLINE_LINUX="ipv6.disable=1"
  1. I rebuilt GRUB:

  • RHEL/CentOS/Fedora (BIOS):

    sudo grub2-mkconfig -o /boot/grub2/grub.cfg

  • RHEL/CentOS/Fedora (UEFI):

    sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg

  • Ubuntu/Debian:

    sudo update-grub
  1. I rebooted. Then checked:
ip -6 addr
# nothing

Did it help? Yes. My rsync jobs stopped timing out on name lookups. Log noise dropped a lot. It felt calmer.

What I liked:

  • It’s the cleanest “off.” No half measures.
  • Survives every reboot without a thought.

What bugged me:

  • It’s global. If you use tools that love IPv6 (looking at you, Tailscale peers and some Kubernetes bits), they’ll complain. WireGuard v6 peers? They won’t work.

Rollback:

  • Remove ipv6.disable=1, rebuild GRUB, reboot.

If you're curious about how this kernel-level switch stacks up against other methods (like sysctl toggles or NetworkManager settings), OpenSource.com hosts a thorough comparison in their write-up on disabling IPv6.

Method 3: NetworkManager – per-Wi-Fi and perfect for travel

Hotels often have broken tunnels or weird captive portals. I don’t want a reboot there. So I turned off IPv6 just for that Wi-Fi.

With nmcli:

nmcli connection show
nmcli connection modify "MyHotelWiFi" ipv6.method "ignore"
nmcli connection up "MyHotelWiFi"

Check:

nmcli connection show "MyHotelWiFi" | grep ipv6.method

With the GUI (Fedora/Ubuntu):

  • Settings → Wi-Fi → gear icon → IPv6 → set to “Ignore.”

What changed? My browser stopped waiting for AAAA. Pages loaded straight away. Zoom calls got stable on sketchy hotel routers. It’s a nice, soft switch.

What I liked:

  • No reboot. Just the one network.
  • Easy to flip back when I’m home.

What bugged me:

  • You need to do it per network. Not hard, just one more step.

Rollback:

  • Set ipv6.method to “auto” and reconnect.

While you’re already poking at that connection profile, it never hurts to throw in a little privacy by changing your MAC address before jumping on sketchy guest networks—same toolset, same quick wins.

Bonus: Firewalls only, when you must keep IPv6

On one box, I had to keep IPv6 on for a lab test, but I still wanted to block it upstream. So I used nftables.

Simple block:

sudo nft add table ip6 filter
sudo nft add chain ip6 filter output { type filter hook output priority 0 ; }
sudo nft add rule ip6 filter output drop

Careful: This blocks all IPv6 traffic. If that’s too strong, make rules per port or per address.

Rollback:

sudo nft flush ruleset

Quick tests I ran

  • See if it’s off:

    cat /proc/sys/net/ipv6/conf/all/disable_ipv6

  • See addresses:

    ip a | grep inet6

  • Ping with v6 only (should fail if off):

    ping -6 google.com

  • DNS checks:

    getent ahosts example.com | head

  • Firewall state:

    sudo nft list ruleset

While poking around, I also loaded a couple of bare-bones websites to make sure a straight IPv4 request completed quickly. One refreshingly lightweight example is the Moreno Valley personals page at OneNightAffair’s Backpage mirror — its simple HTML layout loads almost instantly, making it a handy real-world sanity check that your IPv4 stack is working end-to-end after you’ve disabled IPv6.

If you want an even clearer picture of how packets wander through the internet after the switch, spin up a quick mtr session—there’s a straightforward primer in MTR on Linux: my honest take from the terminal that walks through the flags.

What got better (for me)

  • Page loads stopped “thinking” first.
  • SSH was instant on bad Wi-Fi.
  • Logs got cleaner. Less AAAA noise.
  • Fewer weird pauses in Slack and Zoom.

It felt like a breath of fresh air on rough networks.

What broke (or got weird)

  • No access to v6-only hosts. Rare, but real.
  • LXD wanted IPv6 for some defaults. I had to tweak it.
  • Tailscale and some P2P tools prefer IPv6. They fell back, which used more relays.
  • Some local service discovery got iffy. Link-local tricks use v6 a lot.

Also, turning IPv6 off does not make you “safe.” Use a firewall anyway. On Ubuntu, I kept UFW on. On RHEL, I kept nftables rules tight.

Who should switch it off?

  • Folks on flaky ISP v6. You’ll feel the difference.
  • Laptops on hotel or guest Wi-Fi. Use the NetworkManager trick.
  • Simple servers that don’t need v6 at all. Sysctl or kernel flag works great.

Who should keep it?

  • Dual-stack shops. If your team runs Kubernetes, LXD, or heavy mesh gear, think twice.
  • Anyone who depends on v6-only services.

One unplanned side quest from all this late-night