2021-05-12 14:32:11
Linux核心關閉IPv6協定的方式
2020-06-16 18:09:20
在Linux禁用IPv6可以使用下面的幾種方式:
第一種方式:
在/etc/modprobe.d/dist.conf檔案中新增install ipv6 /bin/true,在reboot後使用使用lsmod | grep ipv6檢視,IPv6模組沒有被載入,在/proc/sys/net目錄下也已經沒有了ipv6的目錄檔案。[root@root net]# ls
core ipv4 netfilter unix
第二種方式:
在/boot/grub/grub.conf檔案中,在啟動的Linux核心版本中傳遞下面的引數ipv6.disable=1,該效果和方式一基本類似,都需要重新啟動,但是在啟動完成後,使用lsmod還是可以參看到ipv6模組資訊,但參照ipv6模組數為0. 在/proc/sys/net目錄下也沒有了ipv6的目錄檔案。
[root@root~]# lsmod | grep ipv6
ipv6 331149 0
上面這種方式其實是根據IPv6模組的三個引數進行的,通過modinfo可以看到,IPv6模組支援三個引數,
modinfo ipv6
filename: /lib/modules/2.6.32/kernel/net/ipv6/ipv6.ko
alias: net-pf-10
license: GPL
description: IPv6 protocol stack for Linux
author: Cast of dozens
srcversion: AA5735202A5094F448BF9AE
depends:
vermagic: 2.6.32 SMP mod_unload modversions
parm: disable:Disable IPv6 module such that it is non-functional (int)
parm: disable_ipv6:Disable IPv6 on all interfaces (int)
parm: autoconf:Enable IPv6 address autoconfiguration on all interfaces (int)
在Linux核心的文件中我們可以看到對這個三個引數的解釋:
disable
Specifies whether to load the IPv6 module, but disable all
its functionality. This might be used when another module
has a dependency on the IPv6 module being loaded, but no
IPv6 addresses or operations are desired.
The possible values and their effects are:
0 IPv6 is enabled.
This is the default value.
1 IPv6 is disabled.
No IPv6 addresses will be added to interfaces, and
it will not be possible to open an IPv6 socket.
A reboot is required to enable IPv6.
autoconf
Specifies whether to enable IPv6 address autoconfiguration
on all interfaces. This might be used when one does not wish
for addresses to be automatically generated from prefixes
received in Router Advertisements.
The possible values and their effects are:
0 IPv6 address autoconfiguration is disabled on all interfaces.
Only the IPv6 loopback address (::1) and link-local addresses
will be added to interfaces.
1 IPv6 address autoconfiguration is enabled on all interfaces.
This is the default value.
disable_ipv6
Specifies whether to disable IPv6 on all interfaces.
This might be used when no IPv6 addresses are desired.
The possible values and their effects are:
0 IPv6 is enabled on all interfaces.
This is the default value.
1 IPv6 is disabled on all interfaces.
No IPv6 addresses will be added to interfaces.
在grub.conf中還可以使用ipv6.disable_ipv6=1禁止IPv6協定,和ipv6.disable不同的是對IPv6模組的參照不為零。
lsmod | grep ipv6
ipv6 331934 30
使用echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6 命令可以把IPv6功能重新開啟,
使用echo 0 > /sys/module/ipv6/parameters/disable_ipv6命令無法重新開啟,這也是這兩個控制IPv6協定開關的不同之處。即使在grub.conf檔案中不新增ipv6的任何資訊,向/sys/module/ipv6/parameters/disable_ipv6檔案中寫入也不能控制IPv6協定,建議使用proc目錄下的變數控制。
第三種方式:
在/proc/sys/net/ipv6/conf/目錄下有下面的目錄:
[root@root conf]# ls
all default eth0 gre0 lo
可以針對不同的介面禁止,如果是針對所有的介面,可以使用下面的命令,該命令會直接把介面上的IPv6地址給刪掉,包括本地鏈路地址fe80::,
IPv6, net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
下面是Linux核心對該引數的解釋:
disable_ipv6 - BOOLEAN Disable IPv6 operation. If accept_dad is set to 2, this value
will be dynamically set to TRUE if DAD fails for the link-local
address.
Default: FALSE (enable IPv6 operation)
When this value is changed from 1 to 0 (IPv6 is being enabled),
it will dynamically create a link-local address on the given
interface and start Duplicate Address Detection, if necessary.
When this value is changed from 0 to 1 (IPv6 is being disabled),
it will dynamically delete all address on the given interface
附錄:模組引數的定義
module_param_named(disable_ipv6, ipv6_defaults.disable_ipv6, int, 0444);
MODULE_PARM_DESC(disable_ipv6, "Disable IPv6 on all interfaces")
只在addrconf_init_net函數中使用了IPv6模組引數,所以IPv6模組的disable_ipv6引數只有在初始化時進行了賦值,系統啟動後的修改無法改變原先的設定。
static int addrconf_init_net(struct net *net)
{
int err;
struct ipv6_devconf *all, *dflt;
err = -ENOMEM;
all = &ipv6_devconf;
dflt = &ipv6_devconf_dflt;
if (net != &init_net) {
all = kmemdup(all, sizeof(ipv6_devconf), GFP_KERNEL);
if (all == NULL)
goto err_alloc_all;
dflt = kmemdup(dflt, sizeof(ipv6_devconf_dflt), GFP_KERNEL);
if (dflt == NULL)
goto err_alloc_dflt;
} else {
/* these will be inherited by all namespaces */
dflt->autoconf = ipv6_defaults.autoconf;
dflt->disable_ipv6 = ipv6_defaults.disable_ipv6;
}
net->ipv6.devconf_all = all;
net->ipv6.devconf_dflt = dflt;
#ifdef CONFIG_SYSCTL
err = __addrconf_sysctl_register(net, "all", NET_PROTO_CONF_ALL,
NULL, all);
if (err < 0)
goto err_reg_all;
err = __addrconf_sysctl_register(net, "default", NET_PROTO_CONF_DEFAULT,
NULL, dflt);
if (err < 0)
goto err_reg_dflt;
#endif
return 0;
#ifdef CONFIG_SYSCTL
err_reg_dflt:
__addrconf_sysctl_unregister(all);
err_reg_all:
kfree(dflt);
#endif
err_alloc_dflt:
kfree(all);
err_alloc_all:
return err;
}
Ubuntu開啟IPV6 http://www.linuxidc.com/Linux/2013-03/80479.htm
思科CCIE認證知識點之IPV6地址 http://www.linuxidc.com/Linux/2013-01/78078.htm
WireShark下抓取IPV6封包使用教學 http://www.linuxidc.com/Linux/2013-01/77518.htm
Ubuntu 12.04 校園網下使用IPV6源 免流量更新 http://www.linuxidc.com/Linux/2012-07/66240.htm
Linux搭建IPV6 ftp伺服器 http://www.linuxidc.com/Linux/2012-07/65150.htm
CentOS IPV6設定 http://www.linuxidc.com/Linux/2012-06/63644.htm
CentOS純IPV6環境下設定更新源 http://www.linuxidc.com/Linux/2012-06/63643.htm
CentOS 6 IPV6 關閉方法 http://www.linuxidc.com/Linux/2012-06/63642.htm
如何在Ubuntu,Linux Mint,Debian上禁用IPv6 http://www.linuxidc.com/Linux/2014-07/104192.htm
相關文章