How to completely, dynamically disable IPv4 stack from Linux?

Solution 1:

Well after a little chat on the IRC the general opinion is that the linux kernel shares some code between ipv4 and ipv6, and that may make completely disabling ipv4 entirely impossible. You can try to compile the kernel without the ipv4 parts but ipv6 may not compile in this case (but nothing keeps you from trying!).

You can remove the ipv4 addresses from interfaces, AFAIK, but I don't think it's possible at this time to completely disable ipv4.

EDIT: After a quick check on make menuconfig on kernel 2.6.36 I could not find a way of disabling ipv4 without disabling the entire TCP/IP stack (and so, ipv6).

Solution 2:

If this is for developers, then "library interposition" could be used, with LD_PRELOAD some doctored library with stub functions that simply return errors (or that call the real ones depending on the day of the week or some other external criterion).

---

Solution 3:

I don't think it is possible to disable IPv4 completely, but depending on your goal, dropping all IPv4 traffic using iptables might be enough, no?

Something like this should work. I haven't tested it on any machine, as I am accessing them through IPv4.

sudo iptables -I INPUT -j DROP
sudo iptables -O OUTPUT -j DROP