一、编辑/etc/default/grub
编辑/etc/default/grub,在GRUB_CMDLINE_LINUX加上的后面句首加上ipv6.disable=1。
修改之前:
[root@localhost ~]# cat /etc/default/grub GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet" GRUB_DISABLE_RECOVERY="true" [root@localhost ~]#
修改之后:
[root@localhost ~]# cat /etc/default/grub GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet" GRUB_DISABLE_RECOVERY="true" [root@localhost ~]#
二、重新生成grub.cfg文件
修改完毕后保存,运行grub2-mkconfig -o /boot/grub2/grub.cfg重新生成grub.cfg文件。
[root@localhost ~]# grub2-mkconfig -o /boot/grub2/grub.cfg Generating grub configuration file ... Found linux image: /boot/vmlinuz-3.10.0-514.2.2.el7.x86_64 Found initrd image: /boot/initramfs-3.10.0-514.2.2.el7.x86_64.img Found linux image: /boot/vmlinuz-3.10.0-327.36.3.el7.x86_64 Found initrd image: /boot/initramfs-3.10.0-327.36.3.el7.x86_64.img Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64 Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img Found linux image: /boot/vmlinuz-0-rescue-d885883cdb4944609bc5e3493dd2b680 Found initrd image: /boot/initramfs-0-rescue-d885883cdb4944609bc5e3493dd2b680.img done [root@localhost ~]#
三、重启系统
运行下面的命令,已经看不到tcp6的协议:
[root@localhost ~]# netstat -nltp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1030/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1294/master [root@localhost ~]#
清除以前的防火墙规则,或者添加允许指定某个端口开放
[root@localhost ~]# iptables -F