How to disable a network interface in Linux

Taking a Linux network interface down stops new traffic on that device without rebooting the host. Operators use it when isolating a suspect NIC, moving traffic away from one path, or preparing a cable, switch port, bridge, or virtual interface change while the rest of the system keeps running.

The ip command changes the interface's administrative state in the kernel. Running ip link set dev eth0 down clears the UP and LOWER_UP flags for that device, while assigned addresses can still appear in ip addr until the interface is raised or reconfigured.

Routes that depend on the disabled interface are withdrawn from the active routing table, so applications cannot use that path even if the address record remains visible. Disabling the interface that carries an SSH or remote management session disconnects that session immediately, and higher-level managers such as NetworkManager or systemd-networkd may bring the interface back after a reconnect, service reload, or reboot unless their persistent configuration is changed separately.

Steps to disable a network interface with ip in Linux:

List interfaces and identify the interface to disable.

$ ip -br link
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
eth0             UP             52:54:00:12:34:56 <BROADCAST,MULTICAST,UP,LOWER_UP>

The first column is the interface name, such as eth0, enp1s0, ens33, or wlp2s0.

Check the current addresses on the target interface.

$ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.40/24 brd 192.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever

Confirm the exact device before taking it down, especially on hosts with bridges, bonds, VLANs, VPNs, or container interfaces.

Check routes that currently use the target interface.
```
$ ip route show dev eth0
192.0.2.0/24 proto kernel scope link src 192.0.2.40
198.51.100.0/24 scope link
```
These routes stop being active while the interface is administratively down.
Bring the selected interface down.
```
$ sudo ip link set dev eth0 down
```
Disabling the interface that carries the active remote session immediately disconnects that session and can remove the host's route to other networks.

Confirm that the interface is administratively down.

$ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff

Missing UP and LOWER_UP plus state DOWN show that the kernel is no longer treating the link as active.

Check whether the address record is still attached while the interface is down.

$ ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.40/24 brd 192.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever

The address can remain configured even though the interface cannot pass traffic while it is down.

Confirm that routes tied to the disabled interface are no longer active.
```
$ ip route show dev eth0
```
No output is expected when the active routing table has no routes through the disabled interface.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.