How To Disable ipv6 on SuSE Linux
For some strange reason, ipv6 is switched ON by default in SuSE Linux.
To check whether you are currently running ipv6, run the following command as root:
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0F:1F:89:8F:D5
inet addr:192.168.1.100 Bcast:140.171.243.255 Mask:255.255.254.0
inet6 addr: fe80::20f:1fff:fe89:8fd5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:33386388 errors:0 dropped:0 overruns:0 frame:0
TX packets:2947979 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2211978470 (2109.5 Mb) TX bytes:380978644 (363.3 Mb)
Base address:0xdf40 Memory:feae0000-feb00000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:895 errors:0 dropped:0 overruns:0 frame:0
TX packets:895 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:76527 (74.7 Kb) TX bytes:76527 (74.7 Kb)
If you have lines containing inet6 as above, then your machine IS running ipv6.
How to disbling ipv6 on SuSE Linux
To disable ipv6 completely, run the following commands as root:
# echo “alias net-pf-10 off” >> /etc/modprobe.conf.local
# echo “alias ipv6 off” >> /etc/modprobe.conf.local
Restart the machine.
Once your machine has rebooted, rerun the ifconfig command and verify that the inet6 lines have been removed. Now, Your machine is running without IPV6.
В файл вписались и кавычки, поэтому изачально я не понял, почему не работает отключение. Я нашел еще несколько способов отключения IPv6:
--------------------------------------------
http://blog.taragana.com/index.php/archive/how-to-disable-ipv6-on-fedora-linux-why/
For Fedora 7 you should add the command to blacklist instead as shown below:
blacklist net-pf-10
Note: I haven't personally tested on Fedora 7.
Note: Try to copy-paste these lines instead of typing them. I faced problems in one computer after typing it in. It wasn't something which was visible to me on casual inspection but copy-paste solved it.
2. Open /etc/sysconfig/network and look for the line containing NETWORKING_IPV6 and change the value to no as shown below:
NETWORKING_IPV6=no
3. Stop ip6tables firewall:
/sbin/service ip6tables stop
4. Prevent the ip6tables firewall from coming up ever again:
/sbin/chkconfig ip6tables off
5. Restart your network to see if everything is working correctly:
/sbin/service network restart
Some articles suggest rebooting the machine at this stage so you may do that too.
Note: The original information is derived from this article and modified based on my experience with many servers.
Will this improve your performance? I don't have benchmarks but in my experience it does. And for web severs every bit of performance you can extract is worth it. So if you are not using ipv6 then I suggest you disable it.
-------------------------------------------------
http://www.g-loaded.eu/2008/05/12/how-to-disable-ipv6-in-fedora-and-centos/
How to Disable IPv6 in Fedora and CentOS
May 12th, 2008 by George Notaras
They say that by disabling IPv6 things get a bit smoother and faster regarding networking. I don’t really know if this is true, but I guess, if you’ve decided to disable this feature, you probably care to do it the Right Way™. As far as I know, trying to disable IPv6 through anaconda during the installation of Fedora or CentOS does not turn off the IPv6 functionality completely, but it just disables it for the configured network interface. This is not actually a problem, but, why should this network layer be enabled system-wide, if you do not use it at all? This small article assists you in disabling IPv6 in the latest Fedora and CentOS releases in an aggressive and unforgiving way.
Check if the module is loaded
IPv6 functionality is being made available to the system by the ipv6 kernel module. To check if this module is currently loaded in your system, issue the following command as root:
lsmod | grep ipv6
If you see ipv6 in its output, then the module is loaded.
Performing this check is absolutely not necessary. It is included in this article for completeness.
Disable IPv6
You can prevent a module from being inserted into the kernel by either blacklisting it or by completely disabling it.
In this case, since you will most probably turn off the IPv6 firewall (ip6tables) as well, it is highly recommended to completely disable the ipv6 module, to avoid any accidental loading of the IPv6 stack without any firewall protection at the same time.
How the module blacklist works
This information about blacklisting a kernel module exists here for educational purposes. It has been mentioned above that for ipv6 it is important to completely disable it.
From the modprobe.conf man page:
Modules can contain their own aliases: usually these are aliases describing the devices they support, such as “pci:123…”. These “internal” aliases can be overridden by normal “alias” keywords, but there are cases where two or more modules both support the same devices, or a module invalidly claims to support a device: the blacklist keyword indicates that all of that particular module’s internal aliases are to be ignored.
So, blacklist indicates that a module’s aliases should be ignored. But, what happens if an application requires to load that specific module or if root uses modprobe to load it on demand? Let’s test it…
To blacklist the module, simply save the following line in a file inside /etc/modprobe.d:
blacklist ipv6
Next, disable any services that use IPv6, eg ip6tables or any IPv6-enabled network interfaces and reboot (mandatory).
After you’ve logged-in again, try, for example, to load the ipv6 module with the modprobe command (as root):
[root@centos]# modprobe -v ipv6
insmod /lib/modules/2.6.18-53.1.14.el5/kernel/net/ipv6/ipv6.ko
[root@centos]# lsmod | grep v6
ipv6 251393 8
The blacklisted module has been loaded. This is what happens if it is needed by a system service, regardless of the fact that it has been blacklisted. In the case of ipv6 this could be a security risk, provided that the ipv6 firewall has been turned off but some network interfaces still use IPv6. So, frankly, it is suggested to read on how to disable the module more aggressively…
Completely disable the ipv6 module
To completely disable IPv6 in your system, all you have to do is save the following line in a file inside /etc/modprobe.d/.
install ipv6 /bin/true
The above line means: whenever the system needs to load the ipv6 kernel module, it is forced to execute the command true instead of actually loading the module. Since /bin/true, does absolutely nothing, the module never gets loaded.
Again, it is required to reboot for the changes to take effect.
It is obvious that this is an aggressive method to disable kernel modules, but it guarantees that the module never gets loaded.
This is the recommended way to disable IPv6.
Other Configuration Tasks
Since the IPv6 functionality has been disabled, you can disable the ip6tables service (IPv6 Firewall). Issue the following command as root:
chkconfig ip6tables off
It is also a good idea, since the ip6tables service has been turned off, to disable any IPv6-related functionality in the network interface configuration. Even if you do not do this, the IPv6 stack will not be initialized because the ipv6 module cannot be loaded. But, generally, you could set the following options to “no” inside your network interface scripts, for example: /etc/sysconfig/network-scripts/ifcfg-eth0
IPV6INIT=no
IPV6_AUTOCONF=no
Finally, In fedora 8 or newer you can safely remove the following option from the /etc/sysconfig/network file, if it exists:
NETWORKING_IPV6=no
Final Thoughts
Using the instructions above, you can completely disable IPv6 in your system. On the other hand, you should understand that IPv6 is not an evil thing… It exists in order to address certain issues. If you ever think about actually trying to configure and use it instead of just disabling it every time you install your Linux operating system, here is a good place to start…
The How to Disable IPv6 in Fedora and CentOS by George Notaras, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Terms and conditions beyond the scope of this license may be available at www.g-loaded.eu.
Комментариев нет:
Отправить комментарий