VMware Aria Operations 8.17.1

8.18 8.17.1 8.16 8.14 8.12
简体中文 Deutsch Español Français 日本語 한국어 繁體中文 English

Configure the Host System to Deny IPv6 Router Preference in Router Solicitations

As a security best practice, verify that your host system denies IPv6 router solicitations unless necessary. The router preference in the solicitations setting determines router preferences. If addresses are assigned statically, there is no need to receive any router preference for solicitations.
  1. Run the
    # grep [01] /proc/sys/net/ipv6/conf/*/accept_ra_rtr_pref|egrep "default|all"
     on the host system to verify whether the host system denies IPv6 router solicitations.
  2. Configure the host system to deny IPv6 router preference in router solicitations.
    1. Open the
      /etc/sysctl.conf
       file.
    2. If the values are not set to
      0
      , add the following entries to the file or update the existing entries accordingly. Set the value to
      0
      . 
      net.ipv6.conf.all.accept_ra_rtr_pref=0 
net.ipv6.conf.default.accept_ra_rtr_pref=0
    3. Save the changes and close the file.
    4. Run
      # sysctl -p
       to apply the configuration.

Content feedback and comments