As a security best practice, verify that the host system denies IPv6 router advertisement autoconf settings. The autoconf setting controls whether router advertisements can cause the system to assign a global unicast address to an interface.

Procedure

  1. Run the following command to verify whether the host system denies IPv6 router advertisement autoconf settings.
      # grep [01] /proc/sys/net/ipv6/conf/*/autoconf|egrep "default|all"
  2. If the values are not set to 0, configure the host system to deny IPv6 router advertisement autoconf settings.
    1. Open the /etc/sysctl.conf file.
    2. Add the following entries to the file, or update the existing entries so that each value is set to 0.
      net.ipv6.conf.all.autoconf=0
      net.ipv6.conf.default.autoconf=0
    3. Save the changes and close the file.
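
An added example, not part of the original procedure: a shell check that covers both halves of it, the running values under /proc/sys and the entries in /etc/sysctl.conf. The function names, the check argument, and the PROC_ROOT and SYSCTL_CONF override variables are assumptions introduced here so the audit can be pointed at a copy of the files.

```sh
#!/bin/sh
# Added example: audit the autoconf setting in the running kernel and in sysctl.conf.
# PROC_ROOT and SYSCTL_CONF are assumed override variables (not from the page).
PROC_ROOT="${PROC_ROOT:-/proc/sys}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"

# Print the effective value of key $1 in sysctl.conf-style file $2.
# Whole-line comments (# or ;) are skipped, whitespace around "=" is ignored,
# and the last assignment wins. Prints nothing when the key is absent.
conf_value() {
    [ -r "$2" ] || return 0
    awk -v k="$1" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) { v = val; found = 1 }
        }
        END { if (found) print v }' "$2"
}

# Return 0 only when both "all" and "default" are 0 at runtime and in the file.
audit_autoconf() {
    rc=0
    for scope in all default; do
        run=$(cat "$PROC_ROOT/net/ipv6/conf/$scope/autoconf" 2>/dev/null) || run=
        cfg=$(conf_value "net.ipv6.conf.$scope.autoconf" "$SYSCTL_CONF")
        if [ "$run" = "0" ] && [ "$cfg" = "0" ]; then
            echo "PASS $scope running=$run persistent=$cfg"
        else
            echo "FAIL $scope running=${run:-unreadable} persistent=${cfg:-unset}"
            rc=1
        fi
    done
    return "$rc"
}

# Run the audit only when invoked as: sh script.sh check
if [ "${1:-}" = "check" ]; then
    audit_autoconf
fi
```

A result of running=1 with persistent=0 means the file has been edited but the kernel has not yet loaded it; the entries in /etc/sysctl.conf are applied at boot or with sysctl -p.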