Stop predictable IPv6 addresses from following your host across networks by enabling temporary addresses. 23.12.2025 | reading time: 3 min Many Linux hosts create IPv6 addresses that reveal a stable host identifier; enable privacy extensions to generate temporary addresses and reduce tracking across networks. Quick Demo Check current IPv6 addresses then enable privacy addresses and verify a temporary address appears with these commands and sample output ```bash ip -6 addr show dev eth0 ``` Sample output before enabling privacy addresses ```text 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 inet6 2001:db8:1:2::1234/64 scope global dynamic mngtmpaddr noprefixroute inet6 fe80::a00:27ff:fe4e:66a1/64 scope link ``` Enable temporary addresses immediately for all and default interfaces ```bash sudo sysctl -w net.ipv6.conf.all.use_tempaddr=2 sudo sysctl -w net.ipv6.conf.default.use_tempaddr=2 ``` Verify a temporary address was created ```bash ip -6 addr show dev eth0 ``` Sample output after enabling privacy addresses ```text 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 inet6 2001:db8:1:2::1234/64 scope global dynamic mngtmpaddr noprefixroute inet6 2001:db8:1:2::f3a7:1e2b:temporary/64 scope global temporary inet6 fe80::a00:27ff:fe4e:66a1/64 scope link ``` Make It Persistent To persist the behavior add the settings to a sysctl file then reload the sysctl configuration by creating or editing "/etc/sysctl.d/99-ipv6-privacy.conf" with these lines and running "sudo sysctl --system" ```text net.ipv6.conf.all.use_tempaddr=2 net.ipv6.conf.default.use_tempaddr=2 ``` Tuning and Caveats Privacy addresses are influenced by Router Advertisements and SLAAC; consider per-interface settings like "net.ipv6.conf.eth0.use_tempaddr" and control address generation strategy with "net.ipv6.conf.all.addr_gen_mode" where 0 uses EUI64, 1 uses stable per-prefix addresses, and 2 enables RFC4941 privacy addresses; remember that temporary addresses can interfere with incoming access controls and logging so enable them selectively on client-facing interfaces. Related Tools and Services Network configuration services can override sysctl settings so check NetworkManager or systemd-networkd profiles and DHCPv6 or radvd settings when privacy addresses do not appear; some environments require stable addresses for inventory and access control so coordinate with administration tools. Final Thought Privacy extensions are a small kernel tweak with big privacy benefits for client hosts; experiment safely, document per-interface choices, and consider training to master Linux networking and certification paths like CompTIA Linux+ or LPIC-1 with intensive exam preparation at bitsandbytes.academy to deepen skills. Join Bits & Bytes Academy First class LINUX exam preparation. network security setup
