As a security best practice, verify that your host system denies IPv6 router solicitations unless necessary. The router preference in the solicitations setting determines router preferences. If addresses are assigned statically, there is no need to receive any router preference for solicitations.
Procedure
- Run the # grep [01] /proc/sys/net/ipv6/conf/*/accept_ra_rtr_pref|egrep "default|all" on the host system to verify whether the host system denies IPv6 router solicitations.
- Configure the host system to deny IPv6 router preference in router solicitations.
- Open the /etc/sysctl.conf file.
- If the values are not set to
0
, add the following entries to the file or update the existing entries accordingly. Set the value to0
.net.ipv6.conf.all.accept_ra_rtr_pref=0 net.ipv6.conf.default.accept_ra_rtr_pref=0
- Save the changes and close the file.
- Run
# sysctl -p
to apply the configuration.