Simon Leinen writes:
Anyway, I finally learned how to configure filters on my Linux
laptop, and found that the following command (as root) makes my box
ignore RAs from that particular address:
    ip6tables -A INPUT -s fe80::204:23ff:fe7a:fb3e \
        --protocol ipv6-icmp --icmpv6-type router-advertisement \
        -j DROP
A second source of bogus RAs has popped up, so currently I recommend:
----------------------------------------------------------------------
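#!/bin/sh
# Link-local source addresses of the bogus RA senders.
evil_ll="fe80::204:23ff:fe7a:fb3e fe80::20c:f1ff:fe34:45c0"
# Flush the INPUT chain; this removes every existing INPUT rule.
ip6tables -F INPUT
# Drop router advertisements from each listed source.
for ll in ${evil_ll}
do
    ip6tables -A INPUT -s "${ll}" \
        --protocol ipv6-icmp --icmpv6-type router-advertisement \
        -j DROP
done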
----------------------------------------------------------------------
An alternative would be to find out the addresses of the "real" IPv6
routers and block RAs from anywhere else.
Of course SEND (SEcure Neighbor Discovery) will solve this, right?
--
Simon.
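
The alternative mentioned in the message above (accept RAs only from the "real" routers and drop the rest), sketched as an added example that is not part of the original post. The chain name RA_FILTER and the addresses in the usage comment are constructed placeholders; the function prints the ip6tables commands rather than running them, so they can be reviewed first.

```shell
#!/bin/sh
# Added example: allowlist variant of the RA filter (not the poster's script).
RA_CHAIN="RA_FILTER"   # hypothetical chain name

# Succeed only for plain addresses in fe80::/10 (fe80:: through febf::).
# RFC 4861 requires RAs to come from a link-local source address.
is_link_local() {
    case "$1" in
        *[!0-9a-fA-F:]*) return 1 ;;   # only hex digits and colons allowed
        [fF][eE][89abAB][0-9a-fA-F]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print (do not run) the commands that accept RAs only from the given routers.
ra_allowlist_rules() {
    # An empty allowlist would drop every RA, so refuse it.
    [ "$#" -ge 1 ] || { echo "need at least one router address" >&2; return 1; }
    # Validate every entry before emitting anything, so a bad entry
    # never yields a half-built ruleset.
    for r in "$@"; do
        is_link_local "$r" || { echo "not link-local: $r" >&2; return 1; }
    done
    match="--protocol ipv6-icmp --icmpv6-type router-advertisement"
    # Create the chain, or empty it if it exists; INPUT itself is not flushed.
    echo "ip6tables -N ${RA_CHAIN} 2>/dev/null || ip6tables -F ${RA_CHAIN}"
    for r in "$@"; do
        echo "ip6tables -A ${RA_CHAIN} -s ${r} -j RETURN"
    done
    echo "ip6tables -A ${RA_CHAIN} -j DROP"
    # Add the jump from INPUT only if it is not already present.
    echo "ip6tables -C INPUT ${match} -j ${RA_CHAIN} 2>/dev/null || ip6tables -I INPUT ${match} -j ${RA_CHAIN}"
}

# Usage (as root), with constructed addresses:
#   ra_allowlist_rules fe80::1 fe80::2 | sh
```

RAs from allowlisted sources return to INPUT for normal processing; every other RA is dropped in the dedicated chain, and existing INPUT rules are left in place.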