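Sometimes you need to configure IPv6 manually without disabling IPv6 for the whole system. In the example below the interface has two IPv6 addresses, and only the /48 one is the one we actually need.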
```
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether 00:16:3e:eb:ce:fc brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 84.33.44.55/24 brd 84.33.44.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 2a0c:8fc1:8fc1::1/48 scope global
       valid_lft forever preferred_lft forever
    inet6 2406:d500:9:615:216:3eff:feeb:cefc/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 2591908sec preferred_lft 604708sec
```
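How do you get rid of the "dynamic mngtmpaddr noprefixroute" address?

You only need to set sysctls for that specific interface. The three settings below, in order:

- Do not use autoconfiguration (this disables things like DHCP/SLAAC!)
- Do not accept RAs (not the RAs that drive SLAAC either!)
- The strongest privacy setting!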

```
net.ipv6.conf.ens3.autoconf=0
net.ipv6.conf.ens3.accept_ra=0
net.ipv6.conf.ens3.use_tempaddr=0
```

If you use netplan, you also need to disable RA in the netplan configuration.

```yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens3:
      dhcp4: no
      accept-ra: false
      addresses:
        - "84.33.44.55/24"
        - "2a0c:8fc1:8fc1::1/48"
      gateway4: 84.33.44.1
      nameservers:
        addresses: [8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844]
      routes:
        - to: "::/0"
          via: "2a0c:8fc1:8fc1::1"
          on-link: true
```

Everything is OK!
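
To confirm the result, the check below (an added example, not part of the original post) reads the three per-interface sysctls and lists any address that still carries the `dynamic` or `mngtmpaddr` flag. The function names and the sample output, which is constructed from the listing above, are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that an interface no longer autoconfigures IPv6.

# Read `ip -6 addr show` output on stdin and print every inet6 address that
# carries the "dynamic" or "mngtmpaddr" flag (an address learned from an RA).
slaac_addrs() {
    awk '$1 == "inet6" {
        for (i = 3; i <= NF; i++)
            if ($i == "dynamic" || $i == "mngtmpaddr") { print $2; break }
    }'
}

# Check the three sysctls from the page for interface $1. Prints each key
# that is not 0 and returns 1 if any is. $2 replaces /proc/sys (for testing).
check_sysctls() {
    iface=$1 root=${2:-/proc/sys} bad=0
    for key in autoconf accept_ra use_tempaddr; do
        f="$root/net/ipv6/conf/$iface/$key"
        val=$(cat "$f" 2>/dev/null) || val=missing
        if [ "$val" != 0 ]; then
            echo "net.ipv6.conf.$iface.$key=$val"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample: the IPv6 lines of the `ip addr` listing shown above.
sample_ip_output() {
cat <<'EOF'
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    inet6 2a0c:8fc1:8fc1::1/48 scope global
       valid_lft forever preferred_lft forever
    inet6 2406:d500:9:615:216:3eff:feeb:cefc/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 2591908sec preferred_lft 604708sec
EOF
}

# Live use: sh check.sh ens3
if [ -n "${1:-}" ]; then
    check_sysctls "$1" || echo "sysctls above still allow autoconfiguration" >&2
    ip -6 addr show dev "$1" | slaac_addrs
fi
```

An address already learned from an RA is not removed by the sysctl change; it stays listed until its lifetime runs out or it is deleted.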