2
禁止Debian系统自动获取V6
source link: https://www.taterli.com/9106/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
禁止Debian系统自动获取V6
禁止Debian系统自动获取V6
有些时候需要手动配置V6,又不希望禁用整个系统V6,比如举个例子,里面两个IPv6,实际上/48的才是我们需要的.
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
link/ether 00:16:3e:eb:ce:fc brd ff:ff:ff:ff:ff:ff
altname enp0s3
inet 84.33.44.55/24 brd 84.33.44.255 scope global ens3
valid_lft forever preferred_lft forever
inet6 2a0c:8fc1:8fc1::1/48 scope global
valid_lft forever preferred_lft forever
inet6 2406:d500:9:615:216:3eff:feeb:cefc/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 2591908sec preferred_lft 604708sec
如何屏蔽"dynamic mngtmpaddr noprefixroute"?
只需要针对特定网卡配置sysctl,下面分别操作.
- 不适用自动配置 (比如DHCP/SLAAC就会禁用!)
- 不接受RA (SLAAC过来的RA也不要!)
- 下面最强隐私设定!
net.ipv6.conf.ens3.autoconf=0
net.ipv6.conf.ens3.accept_ra=0
net.ipv6.conf.ens3.use_tempaddr=0
如果使用netplan还需要在netplan禁用ra.
network:
version: 2
renderer: networkd
ethernets:
ens3:
dhcp4: no
accept-ra: false
addresses:
- "84.33.44.55/24"
- "2a0c:8fc1:8fc1::1/48"
gateway4: 84.33.44.1
nameservers:
addresses: [8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844]
routes:
- to: "::/0"
via: "2a0c:8fc1:8fc1::1"
on-link: true
一切OK!
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK