9

The current Ubuntu LTS does not support NAT tables for IPv6 (i.e. there is no ip6tables -t nat), and I'm fine with that; in fact, a NAT-less environment is the "core" of my networks.

But the next Ubuntu LTS will add support for IPv6 NAT tables, and the problem is that I have "orders" not to allow it within my IPv6 network; I mean, we'll not support NAT66 (NAT for IPv6).

So, I need to make sure that ip6tables -t nat will not work here. How can I disable it?

Can I just blacklist some kernel modules? Sysctl?

Seth
ThiagoCMC

2 Answers

6

The IPv6 NAT module is named nf_nat_ipv6, so it should be sufficient to blacklist that module.

sudo sh -c 'echo blacklist nf_nat_ipv6 >> /etc/modprobe.d/blacklist.conf'

Michael Hampton
0

The proper way to blacklist modules such as this is as follows:

In your blacklist file, insert the following line, replacing "(module_name)" with the name of the module as it shows in lsmod:

install (module_name) /bin/false

This is a kernel-level directive and not specific to any distribution. You can find more about the install directive in man modprobe.conf.

David Foerster
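
A check for the two approaches in the answers above, as an added example that is not part of either answer: the hypothetical function module_policy reads one modprobe.d directory (assumed to be /etc/modprobe.d unless another is given) and reports whether a module has an install ... /bin/false line, only a blacklist line, or neither. The sample configuration is constructed, and the file name nonat66.conf is made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the answers): report how one modprobe.d directory
# treats a module. Prints: blocked | blacklist-only | unrestricted
module_policy() {
    mod=$1
    dir=${2:-/etc/modprobe.d}       # assumption: only this directory is checked
    # modprobe treats '-' and '_' in module names as interchangeable
    want=$(printf '%s' "$mod" | tr '-' '_')
    result=unrestricted
    for f in "$dir"/*.conf; do      # modprobe ignores files not ending in .conf
        [ -f "$f" ] || continue
        while read -r directive name cmd rest; do
            case $directive in
                install|blacklist) ;;
                *) continue ;;      # comments, blank lines, other directives
            esac
            name=$(printf '%s' "$name" | tr '-' '_')
            [ "$name" = "$want" ] || continue
            if [ "$directive" = install ]; then
                # the load request is replaced by a command that loads nothing
                case $cmd in /bin/false|/bin/true) result=blocked ;; esac
            elif [ "$result" != blocked ]; then
                # blacklist only suppresses alias-based autoloading
                result=blacklist-only
            fi
        done < "$f"
    done
    echo "$result"
}

# Constructed sample configuration, written to a temporary directory.
demo_dir=$(mktemp -d)
echo 'blacklist nf_nat_ipv6' > "$demo_dir/blacklist"        # no .conf: ignored
echo "no .conf suffix: $(module_policy nf_nat_ipv6 "$demo_dir")"
echo 'blacklist nf_nat_ipv6' > "$demo_dir/blacklist.conf"
echo "blacklist line:  $(module_policy nf_nat_ipv6 "$demo_dir")"
echo 'install nf_nat_ipv6 /bin/false' > "$demo_dir/nonat66.conf"
echo "install line:    $(module_policy nf_nat_ipv6 "$demo_dir")"
rm -rf "$demo_dir"
```

A module reported as blacklist-only can still be loaded when it is requested by name, which is why the second answer's install line is the stronger setting.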