禁止Debian系统自动获取V6

有些时候需要手动配置V6,又不希望禁用整个系统V6,比如举个例子,里面两个IPv6,实际上/48的才是我们需要的.

2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether 00:16:3e:eb:ce:fc brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 84.33.44.55/24 brd 84.33.44.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 2a0c:8fc1:8fc1::1/48 scope global 
       valid_lft forever preferred_lft forever
    inet6 2406:d500:9:615:216:3eff:feeb:cefc/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 2591908sec preferred_lft 604708sec

如何屏蔽"dynamic mngtmpaddr noprefixroute"?

只需要针对特定网卡配置sysctl,下面分别操作.

• 不适用自动配置 (比如DHCP/SLAAC就会禁用!)
• 不接受RA (SLAAC过来的RA也不要!)
• 下面最强隐私设定!

net.ipv6.conf.ens3.autoconf=0
net.ipv6.conf.ens3.accept_ra=0
net.ipv6.conf.ens3.use_tempaddr=0

如果使用netplan还需要在netplan禁用ra.

network:
  version: 2
  renderer: networkd
  ethernets:
    ens3:
     dhcp4: no
     accept-ra: false
     addresses: 
      - "84.33.44.55/24"
      - "2a0c:8fc1:8fc1::1/48"
     gateway4: 84.33.44.1
     nameservers:
       addresses: [8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844]
     routes:
       - to: "::/0"
         via: "2a0c:8fc1:8fc1::1"
         on-link: true

一切OK!