linux系统禁ping和ipv6协议

一.禁用外网ping服务器

1.修改配置文件对系统临时生效,系统重启后设置不起作用

[root@208 ~]# echo  "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

 

2.永久生效，修改系统的配置文件

[root@208 ~]# vim /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all = 1           --添加这一行
[root@208 ~]# sysctl  -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.conf.all.arp_notify = 1

 

3.如果生效时有错误，错误处理

[root@208 ~]# sysctl  -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key    --错误信息
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.conf.all.arp_notify = 1

 

解决方法:

[root@208 ~]# modprobe bridge
[root@208 ~]# lsmod | grep bridge
bridge                 83177  0
stp                     2218  1 bridge
llc                     5546  2 bridge,stp

 

二.禁用系统使用ipv6协议

[root@node2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0

NETWORKING_IPV6=no                --添加这行

[root@node2 ~]# vim /etc/hosts

#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6    --禁用这行

[root@node2 ~]# vim /etc/modprobe.d/ipv6off.conf     --创建新文件写入以下两行保存

alias net-pf-10 off
alias ipv6 off

[root@node2 ~]# reboot             --必须重启系统 

[root@node2 ~]# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      866/rpcbind        
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      941/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1302/master        
tcp        0      0 0.0.0.0:34816               0.0.0.0:*                   LISTEN      886/rpc.statd      
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1054/mysqld        
tcp        0     52 192.168.1.102:22            192.168.1.93:61403          ESTABLISHED 2442/sshd          
[root@node2 ~]#