Limit the number of Router Advertisements processed on an interface

To: debian-ipv6@lists.debian.org
Subject: Limit the number of Router Advertisements processed on an interface
From: Dheeraj Kandula <dkandula@gmail.com>
Date: Wed, 15 Jun 2022 10:23:18 -0400
Message-id: <[🔎] CA+qNgxT+kXzz6oSaiiXWjSNe=ezECSKMUBF1p2DDK31ieMMa2A@mail.gmail.com>

Hi All,

Is it possible to limit the number of Router Advertisements that will be processed on an interface or on a Linux device as a whole (either granularity is fine)?

For example, if an interface receives more than 200 RAs within a time interval, only the first 200 will be processed.

There are sysctls to disable RA completely. i.e.

net.ipv6.conf.default.accept_ra=0,

Disable processing Default routes: net.ipv6.conf.default.accept_ra_defrtr=0

Disable processing Prefix: net.ipv6.conf.default.accept_ra_pinfo=0.

But I want to enable the above 3 functionalities but limit the number of them being processed.

Why?

This is to avoid DOS attacks using RAs from being bombarded onto a linux machine.

Dheeraj

Reply to:

Follow-Ups:
- Re: Limit the number of Router Advertisements processed on an interface
  - From: Marc Haber <mh+debian-ipv6@zugschlus.de>
- Re: Limit the number of Router Advertisements processed on an interface
  - From: Michael Richardson <mcr@sandelman.ca>

Prev by Date: Re: Disabling IPv6 by default when creating a new namespace in Linux
Next by Date: Re: Limit the number of Router Advertisements processed on an interface
Previous by thread: Re: Disabling IPv6 by default when creating a new namespace in Linux
Next by thread: Re: Limit the number of Router Advertisements processed on an interface
Index(es):
- Date
- Thread