4

I read on the Wikipedia article on DMA attacks that a misconfigured BIOS allowed for this type of attack. I am asking whether, given the hardware I am using, DMA attacks are possible and whether I can mitigate them by changing options in my BIOS.

In my case, I own an Asus P8P67 motherboard and a netbook. I guess on the netbook a DMA attack would be impossible because it has no FireWire connection port and no PCI slots. Is that correct?

In my Asus P8P67 BIOS, I can't find an option to disable DMA. Is it possible to disable all PCI slots except the one my graphics card is plugged into? If I do this, would it suffice to prevent DMA attacks?

Steve Dodier-Lazaro
  • The easiest way to disable a PCI slot is to fill it with hot glue. – user253751 Jan 19 '16 at 07:43
  • Hot glue can be easily removed with chemicals. Use tamper-proof epoxy specifically designed for electronic components. It's made for this very purpose, after all. – forest Apr 08 '16 at 00:56

2 Answers

2

You don't want to disable DMA. At best, it will cause a massive slowdown of your computer, as every memory access must be handled by the CPU; most likely, it will make your computer entirely non-functional.

The best way to prevent DMA attacks is to disable or remove FireWire ports and use a computer case with a chassis intrusion switch to shut the computer off if the case is opened.

Mark
1

No, there is no way to completely disable DMA. If you did that, your system would slow to a crawl. But you can protect yourself in other ways, both deterministically, and probabilistically. To do that, you'll need to be more familiar with the threat you are trying to defend against.

Devices vulnerable to DMA

If a PCI device is plugged in, it can run a DMA attack whether or not the system wants it to. PCI devices cannot be hotplugged, which means once your system is booted up, you cannot insert a device and launch a DMA attack without simply shorting out the whole system. PCIe devices can however be hotplugged, but you can often disable this feature. On Linux systems, you can do this by removing the shpchp module. If you do this, then a malicious PCIe device will have to be already inserted as you boot up for it to do anything bad.

Cardbus uses the pcmcia driver, Firewire uses ohci1394, and Thunderbolt simply uses thunderbolt. Note that on some systems, Firewire will instead use the newer firewire-ohci driver, which is not vulnerable to DMA attacks. Disabling the drivers (using the rmmod utility) should prevent them from launching DMA.

USB 3.1 can emulate Thunderbolt devices. This requires user intervention however, so it is not a big risk. You can't just plug in a USB 3.1 device and have it automatically perform a DMA attack.

Disabling vulnerable drivers

You should be able to defeat the majority of trivial DMA attacks with the following commands:

# rmmod pcmcia
# rmmod ohci1394
# rmmod thunderbolt
# rmmod shpchp

This is a temporary solution, and only lasts until reboot. Additionally, some of them come under different names. You will have to blacklist the modules using a dedicated configuration file. There are many guides online for blacklisting Firewire modules, so I won't link them here. This is only meant as an example stop-gap solution to quickly remove low-hanging fruit for DMA attacks.

If any of these drivers are built into your kernel, they can't be disabled with rmmod, or by blacklisting them. You can check if they are by looking in /lib/modules/$(uname -r)/modules.builtin for their names.

Protecting from DMA using the IOMMU

Most modern CPUs have what's called an IOMMU, or In/Out Memory Management Unit. It acts sort of like a firewall for all memory requests, including direct memory access (note that IOMMUs which do not support "interrupt remapping" do not provide adequate protection and can be broken out of). On Intel chips, it is a feature called VT-d. On AMD, it is called AMD-Vi. By default, it does not provide protection from DMA attacks, but with clever configuration, it can. Some specialized operating systems take advantage of this, such as Qubes, which uses the Xen hypervisor to specifically protect from DMA attacks. There's also BitVisor and TreVisor which use the IOMMU to protect encryption keys from being stolen with DMA. You can also use a feature in newer kernels called VFIO which allows you to bind "root PCI devices" to virtual machines, so that if that PCI device gets compromised, the DMA attack is only able to read the memory of the virtual machine, and not of the host. You can extend that in clever ways to protect the host, such as having a headless (non-graphical) virtual machine for each at-risk peripheral, which forwards data to the host when it is received. IOMMUs are a very flexible solution against DMA attacks, but also very complex.

Physical protection

Depending on your adversary, you may simply want to provide tamper resistance. You can buy inexpensive but high-quality epoxy resin and apply it to vulnerable ports and unused PCI slots. Especially if used in combination with removing vulnerable drivers, this will significantly increase your security against any adversary who does not have a lot of time on their hands alone with your system.

You can also protect your system by locking it in a locked computer enclosure, or with chassis intrusion detection. You could seal it off in a room where any unauthorized access to the room causes the entire system to shut down. There are many clever ways to do this, with efficacy depending on your budget. It can range from putting it in a blast-proof bank vault, where any access to the vault shuts the system down automatically (almost perfect protection against DMA and, well, all physical access to the running system), to something fairly cheap, such as using the internal chassis intrusion detector and having the system shut down if anyone opens the chassis up (which would protect against anyone who doesn't drill a hole in it, or carefully remove the resin from any exposed DMA-capable ports outside the chassis).

Using alternative hardware with a low DMA risk

If you are worried about exploits, you may be thinking that it is a bad idea to even have an Ethernet or Wifi card connected to PCI, because even if those devices do not willingly hand out DMA, if they get hacked, the attacker will have all the abilities the card does, including DMA. Luckily, almost everything can be done over USB nowadays, which has a much lower chance of being compromised and forced to perform a DMA attack. You can read Cardbus over USB, have Ethernet and Wifi over USB, Bluetooth over USB, you name it. You can additionally reduce your attack surface area by disabling the 3.x USB driver, xhci-hcd. Note that while it is not possible to launch a DMA attack over USB by default, it is not impossible, it's simply much, much harder.

forest
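The answer above describes two checks by hand: whether each DMA-capable driver is loaded or compiled into the kernel (so that rmmod and blacklisting cannot touch it), and whether the IOMMU is actually in use. The following POSIX shell script is an added example, not part of the answer or of any distribution's tooling; it turns those checks into a small audit. It reads /proc/modules and modules.builtin in their real formats, treats a non-empty /sys/kernel/iommu_groups as the sign that the kernel has the IOMMU enabled, and prints a modprobe.d fragment for the loadable modules. The paths are overridable environment variables so the functions can also be run against constructed files; the module list (the answer's names plus firewire_ohci, since the name differs between kernels) is an assumption you should adjust to your own kernel.

```shell
#!/bin/sh
# Added example: audit DMA-capable drivers and IOMMU state on a Linux host.
# Module names come from the answer above; firewire_ohci is added because
# newer kernels use that name instead of ohci1394. Adjust for your kernel.
DMA_MODULES="pcmcia ohci1394 firewire_ohci thunderbolt shpchp"

# Inputs are parameters/environment so the checks can run against test files.
PROC_MODULES="${PROC_MODULES:-/proc/modules}"
BUILTIN_LIST="${BUILTIN_LIST:-/lib/modules/$(uname -r)/modules.builtin}"
IOMMU_GROUPS="${IOMMU_GROUPS:-/sys/kernel/iommu_groups}"

# module_loaded NAME FILE: succeeds if NAME is a currently loaded module.
# /proc/modules lines look like "pcmcia 65536 0 - Live 0xffffffffc0000000".
module_loaded() {
    grep -q "^$1 " "$2" 2>/dev/null
}

# module_builtin NAME FILE: succeeds if NAME is compiled into the kernel.
# modules.builtin lists paths such as kernel/drivers/pci/hotplug/shpchp.ko;
# filenames may use '-' where /proc/modules uses '_', so match either.
module_builtin() {
    pat=$(printf '%s' "$1" | sed 's/_/[-_]/g')
    grep -q "/$pat\.ko$" "$2" 2>/dev/null
}

# iommu_active DIR: succeeds if the kernel exposes at least one IOMMU group.
# An empty or missing /sys/kernel/iommu_groups means no IOMMU protection,
# even if VT-d/AMD-Vi is present in hardware (check firmware and the
# intel_iommu=on / amd_iommu=on kernel parameters).
iommu_active() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# classify_module NAME PROC BUILTIN: prints builtin, loaded or absent.
# "builtin" is the case the answer warns about: rmmod and blacklisting
# cannot remove it, only a different kernel build can.
classify_module() {
    if module_builtin "$1" "$3"; then
        echo builtin
    elif module_loaded "$1" "$2"; then
        echo loaded
    else
        echo absent
    fi
}

# blacklist_config NAME...: prints a modprobe.d fragment. "blacklist" only
# stops alias-based autoloading; the "install ... /bin/false" line also
# defeats an explicit modprobe, so both are emitted for each module.
blacklist_config() {
    for m in "$@"; do
        echo "blacklist $m"
        echo "install $m /bin/false"
    done
}

# audit: one line per module plus the IOMMU verdict.
audit() {
    for m in $DMA_MODULES; do
        printf '%-16s %s\n' "$m" "$(classify_module "$m" "$PROC_MODULES" "$BUILTIN_LIST")"
    done
    if iommu_active "$IOMMU_GROUPS"; then
        echo "IOMMU: active (iommu_groups present)"
    else
        echo "IOMMU: not active (enable VT-d/AMD-Vi in firmware and pass intel_iommu=on or amd_iommu=on)"
    fi
}

audit
```

To make the blacklist persistent, redirect the fragment into a file under /etc/modprobe.d/ (for example `blacklist_config pcmcia ohci1394 firewire_ohci thunderbolt shpchp > /etc/modprobe.d/no-dma.conf`) and rebuild the initramfs if your distribution loads these drivers from it; modules reported as builtin are unaffected by that file, which is exactly the case the answer tells you to look for in modules.builtin.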