Yesterday I posted about various Mac security improvements you can make to your Mac. Today’s is a post about turning off IPv6 and the security improvements it can make. IPv6 is a protocol that allows your Mac to communicate with other computers. It is soon going to replace the existing IPv4. IPv6 may allow rogue applications to communicate with out you being aware of it. It can essentially piggy back on your network without you knowing. This post is going to show you how to turn this service off.
Turning Off IPv6 Using System Preferences
A simple way to turn off IPv6 is to use System Preferences. This will not fully turn off this protocol but will effectively limit to your home network. This means that transmissions cannot go further than your home router. This is a simple change and one that is easy to implement. It also allows Bonjour and other applications on your Mac to still run, as these service use the IPv6 network.
Open System Preferences and select the Network preference pane. Select network you are currently using, such as Wi-Fi or Ethernet. Press the Advance button to get to the extra setting. From here select the TCP/IP tab.
You will notice there is a drop down menu entitled ‘Configure IPv6’. From the drop down list select ‘Link-Local’. This will effectively limit IPv6 to your Mac. In the image below there is an Off option which you can also select. However this may not be present and you may need to use the next section of this post to fully turn it off.
Force IPv6 Off With Terminal
If you want to force IPv6 off you can use a Terminal command to turn it off. I recommend the Link-Local option above, however this command is a suitable if you want to force it off.
Open Terminal within Applications > Utilities. Type the following command to ensure you get the names of your network correct.
This will give you a list of the networks on your Mac. This usually corresponds to the list within System Preferences. Remember the name of the network you want to turn off. Then type the following:
networksetup -setv6off Wi-Fi
This will turn off IPv6 for Wi-Fi. You can use this same command to turn off IPv6 for your Ethernet connection
networksetup -setv6off Ethernet
Ensure you type the name exactly so you don’t get the wrong network. If the name has spaces in it use a backslash before the space.
This will turn off IPv6. This will also put the Off drop down option within System Preferences as shown in the image above.
Note that you can turn off IPv4 with the
-setv4off, option. However, this can easily be done within System Preferences.