Linux內核關閉IPv6協議的方式

在Linux禁用IPv6可以使用下面的幾種方式：

第一種方式：

在/etc/modprobe.d/dist.conf文件中添加install ipv6 /bin/true，在reboot後使用使用lsmod | grep ipv6查看，IPv6模塊沒有被加載，在/proc/sys/net目錄下也已經沒有了ipv6的目錄文件。[root@root net]# ls

core ipv4 netfilter unix

第二種方式：

在/boot/grub/grub.conf文件中，在啟動的Linux內核版本中傳遞下面的參數ipv6.disable=1，該效果和方式一基本類似，都需要重新啟動，但是在啟動完成後，使用lsmod還是可以參看到ipv6模塊信息，但引用ipv6模塊數為0. 在/proc/sys/net目錄下也沒有了ipv6的目錄文件。

[root@root~]# lsmod | grep ipv6

ipv6 331149 0

上面這種方式其實是根據IPv6模塊的三個參數進行的，通過modinfo可以看到，IPv6模塊支持三個參數，

modinfo ipv6

filename: /lib/modules/2.6.32/kernel/net/ipv6/ipv6.ko

alias: net-pf-10

license: GPL

description: IPv6 protocol stack for Linux

author: Cast of dozens

srcversion: AA5735202A5094F448BF9AE

depends:

vermagic: 2.6.32 SMP mod_unload modversions

parm: disable:Disable IPv6 module such that it is non-functional (int)

parm: disable_ipv6:Disable IPv6 on all interfaces (int)

parm: autoconf:Enable IPv6 address autoconfiguration on all interfaces (int)

在Linux內核的文檔中我們可以看到對這個三個參數的解釋：

disable

Specifies whether to load the IPv6 module, but disable all

its functionality. This might be used when another module

has a dependency on the IPv6 module being loaded, but no

IPv6 addresses or operations are desired.

The possible values and their effects are:

0 IPv6 is enabled.

This is the default value.

1 IPv6 is disabled.

No IPv6 addresses will be added to interfaces, and

it will not be possible to open an IPv6 socket.

A reboot is required to enable IPv6.

autoconf

Specifies whether to enable IPv6 address autoconfiguration

on all interfaces. This might be used when one does not wish

for addresses to be automatically generated from prefixes

received in Router Advertisements.

The possible values and their effects are:

0 IPv6 address autoconfiguration is disabled on all interfaces.

Only the IPv6 loopback address (::1) and link-local addresses

will be added to interfaces.

1 IPv6 address autoconfiguration is enabled on all interfaces.

This is the default value.

disable_ipv6

Specifies whether to disable IPv6 on all interfaces.

This might be used when no IPv6 addresses are desired.

The possible values and their effects are:

0 IPv6 is enabled on all interfaces.

This is the default value.

1 IPv6 is disabled on all interfaces.

No IPv6 addresses will be added to interfaces.

在grub.conf中還可以使用ipv6.disable_ipv6=1禁止IPv6協議，和ipv6.disable不同的是對IPv6模塊的引用不為零。

lsmod | grep ipv6

ipv6 331934 30

使用echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6 命令可以把IPv6功能重新打開，

使用echo 0 > /sys/module/ipv6/parameters/disable_ipv6命令無法重新打開，這也是這兩個控制IPv6協議開關的不同之處。即使在grub.conf文件中不添加ipv6的任何信息，向/sys/module/ipv6/parameters/disable_ipv6文件中寫入也不能控制IPv6協議，建議使用proc目錄下的變量控制。

第三種方式：

在/proc/sys/net/ipv6/conf/目錄下有下面的目錄：

[root@root conf]# ls

all default eth0 gre0 lo

可以針對不同的接口禁止，如果是針對所有的接口，可以使用下面的命令，該命令會直接把接口上的IPv6地址給刪掉，包括本地鏈路地址fe80::,

IPv6, net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

下面是Linux內核對該參數的解釋：

disable_ipv6 - BOOLEAN Disable IPv6 operation. If accept_dad is set to 2, this value

will be dynamically set to TRUE if DAD fails for the link-local

address.

Default: FALSE (enable IPv6 operation)

When this value is changed from 1 to 0 (IPv6 is being enabled),

it will dynamically create a link-local address on the given

interface and start Duplicate Address Detection, if necessary.

When this value is changed from 0 to 1 (IPv6 is being disabled),

it will dynamically delete all address on the given interface

附錄：模塊參數的定義

module_param_named(disable_ipv6, ipv6_defaults.disable_ipv6, int, 0444);

MODULE_PARM_DESC(disable_ipv6, "Disable IPv6 on all interfaces")

只在addrconf_init_net函數中使用了IPv6模塊參數，所以IPv6模塊的disable_ipv6參數只有在初始化時進行了賦值，系統啟動後的修改無法改變原先的配置。

static int addrconf_init_net(struct net *net)

{

int err;

struct ipv6_devconf *all, *dflt;

err = -ENOMEM;

all = &ipv6_devconf;

dflt = &ipv6_devconf_dflt;

if (net != &init_net) {

all = kmemdup(all, sizeof(ipv6_devconf), GFP_KERNEL);

if (all == NULL)

goto err_alloc_all;

dflt = kmemdup(dflt, sizeof(ipv6_devconf_dflt), GFP_KERNEL);

if (dflt == NULL)

goto err_alloc_dflt;

} else {

/* these will be inherited by all namespaces */

dflt->autoconf = ipv6_defaults.autoconf;

dflt->disable_ipv6 = ipv6_defaults.disable_ipv6;

}

net->ipv6.devconf_all = all;

net->ipv6.devconf_dflt = dflt;

#ifdef CONFIG_SYSCTL

err = __addrconf_sysctl_register(net, "all", NET_PROTO_CONF_ALL,

NULL, all);

if (err < 0)

goto err_reg_all;

err = __addrconf_sysctl_register(net, "default", NET_PROTO_CONF_DEFAULT,

NULL, dflt);

if (err < 0)

goto err_reg_dflt;

#endif

return 0;

#ifdef CONFIG_SYSCTL

err_reg_dflt:

__addrconf_sysctl_unregister(all);

err_reg_all:

kfree(dflt);

#endif

err_alloc_dflt:

kfree(all);

err_alloc_all:

return err;

}

Ubuntu開啟IPV6 http://www.linuxidc.com/Linux/2013-03/80479.htm

思科CCIE認證知識點之IPV6地址 http://www.linuxidc.com/Linux/2013-01/78078.htm

WireShark下抓取IPV6數據包使用教程 http://www.linuxidc.com/Linux/2013-01/77518.htm

Ubuntu 12.04 校園網下使用IPV6源 免流量更新 http://www.linuxidc.com/Linux/2012-07/66240.htm

Linux搭建IPV6 ftp服務器 http://www.linuxidc.com/Linux/2012-07/65150.htm

CentOS IPV6設置 http://www.linuxidc.com/Linux/2012-06/63644.htm

CentOS純IPV6環境下設置更新源 http://www.linuxidc.com/Linux/2012-06/63643.htm

CentOS 6 IPV6 關閉方法 http://www.linuxidc.com/Linux/2012-06/63642.htm

如何在Ubuntu,Linux Mint,Debian���禁用IPv6 http://www.linuxidc.com/Linux/2014-07/104192.htm