Linux系统缺省支持IPv6,长期以来系统管理员、运维工程师们,都默认理解一个数据包在发送时首先会先尝试IPv6的网关,然后再是IPv4的。如果没有v6地址话,可能对系统性能造成影响。至于影响多大,目前没有一个明确的指标。仅供大家参考。不想使用的话直接按照下边几种姿势干掉IPV6即可。
首先使用lsmod命令查一下,Linux lsmod命令用于显示已载入系统的模块。
[root@245 ~]# lsmod | grep -i ipv6 nf_conntrack_ipv6 8748 2 nf_defrag_ipv6 11981 1 nf_conntrack_ipv6 nf_conntrack 79453 2 nf_conntrack_ipv6,xt_state ipv6 323408 15 ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
只有极少数的是必须要ipv6模块的。
[root@245 ~]# cat /etc/sysctl.conf # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 # Controls the default maxmimum size of a mesage queue kernel.msgmnb = 65536 # Controls the maximum size of a message, in bytes kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296
修改
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1
配置完毕如果不重启机器的话,可以直接执行命令:
sysctl -p /etc/sysctl.conf;
强制让其生效。
[root@245 ~]# ip a s
CentOS6.x下测试可用。具体原理是截获系统自动加载ipv6模块的动作,直接返回true,并且将ipv6模块加入黑名单(blacklist)。这样系统就没法通过
注意:此法仅适用于CentOS7.x!
此法的原理是在GRUB里直接将参数”ipv6.disable=1”传递给内核,这样启动时内核会根据这个参数不再加载ipv6模块。
具体方法是:
if grep -q "ipv6.disable=1" /etc/default/grub then echo ""ipv6.disable=1" found in /etc/default/grub" else sed -i.ori 's/^GRUB_CMDLINE_LINUX="/&ipv6.disable=1 /' /etc/default/grub /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg fi # 此法自然也需要重启机器,于是: reboot
不推荐grub方法,centos6建议使用第一个方法。如果碰到有一定要依赖于ipv6的模块要加载,直接修改/etc/modprobe.d/ipv6.conf,注释掉相关语句以后,再重新就能modprobe ipv6了