As a security best practice, verify that your VMware appliance host machines deny IPv6 router solicitations unless otherwise required for system operation.

About this task

The router solicitations setting determines how many router solicitations are sent when bringing up the interface. If addresses are statically assigned, there is no need to send any solicitations.

Procedure

  1. Run the # grep [01] /proc/sys/net/ipv6/conf/*/router_solicitations|egrep "default|all" command on the VMware appliance host machines to verify that they deny IPv6 router solicitations.

    If the host machines are configured to deny IPv6 router advertisements, this command will return the following:

    /proc/sys/net/ipv6/conf/all/router_solicitations:0
    /proc/sys/net/ipv6/conf/default/router_solicitations:0

    If the host machines are configured correctly, no further action is necessary.

  2. If you need to configure host machines to deny IPv6 router solicitations, open the /etc/sysctl.conf file in a text editor.
  3. Check for the following entries.
    net.ipv6.conf.all.router_solicitations=0
    net.ipv6.conf.default.router_solicitations=0

    If the entries do not exist or if their values are not set to zero, add the entries or update the existing entries accordingly.

  4. Save any changes and close the file.