As a security best practice, verify that host system denies IPv6 router solicitations unless necessary. The router solicitations setting determines how many router solicitations are sent when bringing up the interface. If addresses are assigned statically, there is no need to send any solicitations.
Procedure
- Run the # grep [01] /proc/sys/net/ipv6/conf/*/router_solicitations|egrep "default|all" command to verify whether the host system denies IPv6 router solicitations unless necessary.
- Configure the host system to deny IPv6 router solicitations.
- Open the /etc/sysctl.conf.
- If the values are not set to
0
, add the following entries to the file or update the existing entries accordingly. Set the value to0
.net.ipv6.conf.all.router_solicitations=0 net.ipv6.conf.default.router_solicitations=0
- Save the changes and close the file.
- Run
# sysctl -p
to apply the configuration.