On my Linux box, I have various daemons which can bind to all IPv6-enabled interfaces on ::. When they do so, Linux sends IPv4 requests to that daemon mapped as, for instance, ::ffff:198.51.100.37.
I would instead like IPv4 connections to be refused and only IPv6 connections accepted when a daemon binds to ::. To receive IPv4 connections, I want the daemon to have to explicitly bind to 0.0.0.0 (as well as ::).
In other words, I want to run a service exclusively on IPv6, and not on IPv4.
Is there a way to accomplish this?
Best Answer
This is controlled by the
net.ipv6.bindv6onlysysctl. Add the following to/etc/sysctl.confand runsudo sysctl -pto effect the change.Applications can also explicitly only bind to the IPv6 address instead of changing this globally, for example, nginx has the
ipv6onlyoption to thelistendirective. This corresponds to theIPV6_V6ONLYoption tosetsockopt().