Upstream employee Daniel Walsh recommends not disabling the ipv6 module, as that can cause issues with SELinux and other components, but adding the following to /etc/sysctl.conf:
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1
To disable in the running system:
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
or
sysctl -w net.ipv6.conf.all.disable_ipv6=1 sysctl -w net.ipv6.conf.default.disable_ipv6=1
Additional note #1: If problems with X forwarding are encountered on systems with IPv6 disabled, edit /etc/ssh/sshd_config and make either of the following changes:
(1) Change the line
#AddressFamily any
to
AddressFamily inet
(inet is ipv4 only; inet6 is ipv6 only)
or
(2) Remove the hash mark (#) in front of the line
#ListenAddress 0.0.0.0
Then restart ssh.
Additional note #2: If problems with starting postfix are encountered on systems with IPv6 disabled, either
(1) edit /etc/postfix/main.cf and comment out the localhost part of the config and use ipv4 loopback.
#inet_interfaces = localhostinet_interfaces = 127.0.0.1
or
(2) take out the ipv6 localhost from /etc/hosts .
Additional Note #3 : To disable RPCBIND ipv6 (rpcbind, rpc.mountd, prc.statd) remark out the udp6 and tcp6 lines in /etc/netconfig:
udp tpi_clts v inet udp - - tcp tpi_cots_ord v inet tcp - - #udp6 tpi_clts v inet6 udp - - #tcp6 tpi_cots_ord v inet6 tcp - - rawip tpi_raw - inet - - - local tpi_cots_ord - loopback - - - unix tpi_cots_ord - loopback - - -
你可以用两个方法做到这个。
编辑文件/etc/sysctl.conf,
vi /etc/sysctl.conf
添加下面的行:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
如果你想要为特定的网卡禁止IPv6,比如,对于enp0s3,添加下面的行。
net.ipv6.conf.enp0s3.disable_ipv6 = 1
保存并退出文件。
执行下面的命令来使设置生效。
sysctl -p
要在运行的系统中禁止IPv6,依次输入下面的命令:
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6
或者,
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
就是这样。现在IPv6已经禁止了。
你可能在禁止IPv6后遇到一些问题
如果你在禁止IPv6后SSH遇到问题,按照下面的做。
编辑 /etc/ssh/sshd_config 文件
vi /etc/ssh/sshd_config
找到下面的行:
#AddressFamily any
把它改成:
AddressFamily inet
或者,在这行的前面去掉注释(#):
#ListenAddress 0.0.0.0
接着重启ssh来使改变生效。
systemctl restart sshd
如果你在禁止Ipv6后启动postfix遇到问题,编辑/etc/postfix/main.cf:
vi /etc/postfix/main.cf
注释掉配置中的localhost部分,并且使用ipv4回环。
#inet_interfaces = localhost iet_interfaces = 127.0.0.1
就是这样,干杯!