As a security best practice, verify that the host restricts the maximum number of IPv6 addresses that can be assigned. The maximum addresses setting determines how many global unicast IPv6 addresses can be assigned to each interface. The default is 16 but you must set the number to the statically configured global addresses required.
Procedure
- Run the # grep [1] /proc/sys/net/ipv6/conf/*/max_addresses|egrep "default|all" command to verify whether the host system restricts the maximum number of IPv6 addresses that can be assigned.
- If the values are not set to
1, configure the host system to restrict the maximum number of IPv6 addresses that can be assigned.- Open the /etc/sysctl.conf file.
- Add the following entries to the file or update the existing entries accordingly. Set the value to
1.net.ipv6.conf.all.max_addresses=1 net.ipv6.conf.default.max_addresses=1
- Save the changes and close the file.
- Run
# sysctl -pto apply the configuration.
