Ubuntu 24.04 permanently disable IPv6

Hello Community,

I'm using OVHCloud VPS with their template-installed Ubuntu 24.04 and after roughly 24-72hours (I didn't discover it exactly yet) the VPS re-enables the IPv6 on its own without a reboot (!).

Current setup:
at the end of: /etc/sysctl.conf

Code:

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

so I do: sysctl -p
and then: ip a
does not list anything ipv6 related (ie inet6 fe80:: etc)

The problem with this was that after reboot the settings wouldn't hold so I found out that you need to edit: /etc/rc.local
and add inside:

Code:

#!/bin/bash
# /etc/rc.local

/sbin/sysctl -p/etc/sysctl.conf
/etc/init.d/procps restart

exit 0

Thanks to this the IPv6 is gone and survives reboot, however it does not survive 24-72hours uptime with OVHCloud.

Is there anything else that might trigger the IPv6 being turned on automatically after some time?

Notes:
The obvious workaround is to run the sysctl -p every few minutes or so (via cron) but I would rather avoid that path if anybody has a better idea.

I also have seen as recommendation to use the grub method to disable the IPv6 (ie here: https://idroot.us/disable-ipv6-ubuntu-24-04/ ) in the past it completely killed the VPS installation and it lost all connectivity (tried on 20.04 and 22.04) so I doubt it would work on 24.04

 

That's good to know that ISPConfig does not change any networks settings.

Would you or anybody else be willing to provide opinion/help on what to look at?
OVHCloud technical support is notoriously difficult to deal with so I don't think it's even worth trying.

If this is the wrong forum category please feel free to move my question elsewhere in the forums.
Thank you.

 

What you are dealing with is called cloud-init, which is used in such large VPS deployments. That part of the system is responsible for re-activating IPv6 on reboot. So you can either overwrite the cloud-init config, and disable the IPv6 there or what should be the preffered option disable IPv6 for your VPS in the OVH Cloud Panel.

 

Thank you I actually just came across this as well so now thanks to you I'm sure of it.

I tried to do the "Step 4: Disable Cloud-init network management (optional)"
https://support.us.ovhcloud.com/hc/...w-to-Configure-IPv6-on-a-VPS#persistentdebian
ie.

Code:

# echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/98-disable-network-config.cfg

Hoping the system will stop messing with the IP configuration.
But it does not seem to work the IPv6 always comes back regardless. The worst part is it's not even reboot related it directly injects stuff into the running machine (!).

I tried to remove all the packages related to cloud-init (apt remove cloud-init and similar) but it didn't seem to do the job either now I started to run into issues like:

So I tried to do:

Code:

apt install software-properties-common update-inetd dnsutils resolvconf clamav clamav-daemon zip unzip bzip2 xz-utils lzip borgbackup arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl libnet-dns-perl libdbd-mysql-perl bind9 rspamd redis-server postgrey p7zip p7zip-full unrar-free lrzip

which moved the installation forward but it stopped again on some other error (I didn't save it).

 

Maybe it's time to give up and try to live with the IPv6 setup.

Is there any good howto how to setup the DNS records (TXT for SPF dmarc and so on) so it works right away with clean installation of the ISPConfig but IPv4 is still used as primary protocol so it does not cause delays during sending etc?

 

Mail delivery issues, maybe it's time to give up and move on (as posted above).

 

0) I know for dovecot what I need to do is to edit /usr/local/ispconfig/server/conf-custom/install/dovecot_custom.conf.master
and insert:

Code:

listen = *

start the service: systemctl start dovecot
check it's fine: systemctl status dovecot
Then do ispconfig_update.sh --force
Credit for this goes to @Etcetera

1) Is it safe to assume that for postfix the following needs to be done?
nano /usr/local/ispconfig/server/conf-custom/install/postfix_custom.conf.master
insert:

Code:

inet_protocols = ipv4

then do: systemctl restart postfix
Credit goes to @Th0m for this.

Does it still need ispconfig_update.sh --force ?

2) OK, so I'm moving into IPv6 world so I wonder how does the fail2ban work in that environment with the default automated install?
Does it ban entire IP ranges? Because banning a single IP seems really pointless...

 

0+1) thank you

2) how do you (and others) deal with the bruteforce attacks on the servers other than fail2ban?
For SSH I suppose one can switch to ssh keys authorization (though still imperfect) but what about bruteforce on FTP and IMAP?

I suppose those zomebie machines are in full control of the attacker so if somebody compromises a machine which has assigned a /64 (normal assigned range for any dedicated server or most residential lines) wouldn't the attacker automatically gain access to roughly 18 quintillion bruteforce attempts? (18,446,744,073,709,551,616 is ::/64)

 

I'm sorry to resurrect an old thread but would you know how to disable/remove the cloud-init safely and be able to install/use the ISPConfig afterwards? Thank you

 

Thank you but for my hobby environment it's too expensive. I'm still trying to get by without either IPv6 or to be able to ban IPv6 ranges for free...

 

You should ask the Hoster as Till already said. Anyway according to the docs to disable only network autoconfig by cloud-init you can set this in /etc/cloud/cloud.cfg:

Code:

network: {config: disabled}

Or at a later stage with this:

Code:

sudo echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg

To disable it entirely just create this file:

Code:

sudo touch /etc/cloud/cloud-init.disabled

But be aware that you might brick the system when disabling cloud-init. Better ask the hoster beforehand

 

Thank you @pyte, much appreciated