linux关闭内核命令,Linux内核关闭IPv6协议的方式
在Linux禁用IPv6可以使用下面的幾種方式:
第一種方式:
在/etc/modprobe.d/dist.conf文件中添加install
ipv6 /bin/true,在reboot后使用使用lsmod | grep ipv6查看,IPv6模塊沒有被加載,在/proc/sys/net目錄下也已經沒有了ipv6的目錄文件。[root@root net]# ls
core? ipv4
netfilter? unix
第二種方式:
在/boot/grub/grub.conf文件中,在啟動的Linux內核版本中傳遞下面的參數ipv6.disable=1,該效果和方式一基本類似,都需要重新啟動,但是在啟動完成后,使用lsmod還是可以參看到ipv6模塊信息,但引用ipv6模塊數為0.在/proc/sys/net目錄下也沒有了ipv6的目錄文件。
[root@root~]# lsmod | grep ipv6
ipv6????????????????? 331149? 0
上面這種方式其實是根據IPv6模塊的三個參數進行的,通過modinfo可以看到,IPv6模塊支持三個參數,
modinfo ipv6
filename:
/lib/modules/2.6.32/kernel/net/ipv6/ipv6.ko
alias:????????? net-pf-10
license:??????? GPL
description:??? IPv6 protocol stack for Linux
author:???????? Cast of dozens
srcversion:???? AA5735202A5094F448BF9AE
depends:
vermagic:?????? 2.6.32 SMP mod_unload modversions
parm:?????????? disable:Disable IPv6 module such
that it is non-functional (int)
parm:?????????? disable_ipv6:Disable IPv6 on all
interfaces (int)
parm:?????????? autoconf:Enable IPv6 address
autoconfiguration on all interfaces (int)
在Linux內核的文檔中我們可以看到對這個三個參數的解釋:
disable
Specifies
whether to load the IPv6 module, but disable all
its
functionality.? This might be used when
another module
has
a dependency on the IPv6 module being loaded, but no
IPv6
addresses or operations are desired.
The
possible values and their effects are:
0
IPv6 is enabled.
This
is the default value.
1
IPv6 is disabled.
No
IPv6 addresses will be added to interfaces, and
it
will not be possible to open an IPv6 socket.
A
reboot is required to enable IPv6.
autoconf
Specifies
whether to enable IPv6 address autoconfiguration
on
all interfaces.? This might be used when
one does not wish
for
addresses to be automatically generated from prefixes
received
in Router Advertisements.
The
possible values and their effects are:
0
IPv6 address autoconfiguration is disabled on all interfaces.
Only
the IPv6 loopback address (::1) and link-local addresses
will
be added to interfaces.
1
IPv6 address autoconfiguration is enabled on all interfaces.
This
is the default value.
disable_ipv6
Specifies
whether to disable IPv6 on all interfaces.
This
might be used when no IPv6 addresses are desired.
The
possible values and their effects are:
0
IPv6 is enabled on all interfaces.
This
is the default value.
1
IPv6 is disabled on all interfaces.
No
IPv6 addresses will be added to interfaces.
在grub.conf中還可以使用ipv6.disable_ipv6=1禁止IPv6協議,和ipv6.disable不同的是對IPv6模塊的引用不為零。
lsmod | grep ipv6
ipv6????????????????? 331934? 30
使用echo 0 >
/proc/sys/net/ipv6/conf/all/disable_ipv6命令可以把IPv6功能重新打開,
使用echo 0 > /sys/module/ipv6/parameters/disable_ipv6命令無法重新打開,這也是這兩個控制IPv6協議開關的不同之處。即使在grub.conf文件中不添加ipv6的任何信息,向/sys/module/ipv6/parameters/disable_ipv6文件中寫入也不能控制IPv6協議,建議使用proc目錄下的變量控制。
第三種方式:
在/proc/sys/net/ipv6/conf/目錄下有下面的目錄:
[root@root conf]# ls
all
default? eth0? gre0
lo
可以針對不同的接口禁止,如果是針對所有的接口,可以使用下面的命令,該命令會直接把接口上的IPv6地址給刪掉,包括本地鏈路地址fe80::,
IPv6, net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
下面是Linux內核對該參數的解釋:
disable_ipv6 - BOOLEAN Disable IPv6
operation.? If accept_dad is set to 2,
this value
will
be dynamically set to TRUE if DAD fails for the link-local
address.
Default:
FALSE (enable IPv6 operation)
When
this value is changed from 1 to 0 (IPv6 is being enabled),
it
will dynamically create a link-local address on the given
interface
and start Duplicate Address Detection, if necessary.
When
this value is changed from 0 to 1 (IPv6 is being disabled),
it
will dynamically delete all address on the given interface
附錄:模塊參數的定義
module_param_named(disable_ipv6,
ipv6_defaults.disable_ipv6, int, 0444);
MODULE_PARM_DESC(disable_ipv6,
"Disable IPv6 on all interfaces")
只在addrconf_init_net函數中使用了IPv6模塊參數,所以IPv6模塊的disable_ipv6參數只有在初始化時進行了賦值,系統啟動后的修改無法改變原先的配置。
static int addrconf_init_net(struct net
*net)
{
int
err;
struct
ipv6_devconf *all, *dflt;
err
= -ENOMEM;
all
= &ipv6_devconf;
dflt
= &ipv6_devconf_dflt;
if
(net != &init_net) {
all
= kmemdup(all, sizeof(ipv6_devconf), GFP_KERNEL);
if
(all == NULL)
goto
err_alloc_all;
dflt
= kmemdup(dflt, sizeof(ipv6_devconf_dflt), GFP_KERNEL);
if
(dflt == NULL)
goto
err_alloc_dflt;
}
else {
/*
these will be inherited by all namespaces */
dflt->autoconf
= ipv6_defaults.autoconf;
dflt->disable_ipv6 =
ipv6_defaults.disable_ipv6;
}
net->ipv6.devconf_all
= all;
net->ipv6.devconf_dflt
= dflt;
#ifdef CONFIG_SYSCTL
err
= __addrconf_sysctl_register(net, "all", NET_PROTO_CONF_ALL,
NULL,
all);
if
(err < 0)
goto
err_reg_all;
err
= __addrconf_sysctl_register(net, "default", NET_PROTO_CONF_DEFAULT,
NULL,
dflt);
if
(err < 0)
goto
err_reg_dflt;
#endif
return
0;
#ifdef CONFIG_SYSCTL
err_reg_dflt:
__addrconf_sysctl_unregister(all);
err_reg_all:
kfree(dflt);
#endif
err_alloc_dflt:
kfree(all);
err_alloc_all:
return
err;
}
總結
以上是生活随笔為你收集整理的linux关闭内核命令,Linux内核关闭IPv6协议的方式的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: oracle备份磁盘头,oracle a
- 下一篇: linux 其他常用命令