Configure the Host
System to Restrict IPv6 Maximum Addresses
As a security best
practice, verify that the host restricts the maximum number of IPv6 addresses
that can be assigned. The maximum addresses setting determines how many global
unicast IPv6 addresses can be assigned to each interface. The default is 16 but
you must set the number to the statically configured global addresses required.
- Run the# grep [1] /proc/sys/net/ipv6/conf/*/max_addresses|egrep "default|all"command to verify whether the host system restricts the maximum number of IPv6 addresses that can be assigned.
- If the values are not set to1, configure the host system to restrict the maximum number of IPv6 addresses that can be assigned.
- Open the/etc/sysctl.conffile.
- Add the following entries to the file or update the existing entries accordingly. Set the value to1.net.ipv6.conf.all.max_addresses=1 net.ipv6.conf.default.max_addresses=1
- Save the changes and close the file.
- Run# sysctl -pto apply the configuration.