Hi All,
Is it possible to limit the number of Router Advertisements that will be processed on an interface or on a Linux device as a whole (either granularity is fine)?
For example, if an interface receives more than 200 RAs within a time interval, only the first 200 will be processed.
There are sysctls to disable RA completely, i.e.:
net.ipv6.conf.default.accept_ra=0
Disable processing Default routes: net.ipv6.conf.default.accept_ra_defrtr=0
Disable processing Prefix: net.ipv6.conf.default.accept_ra_pinfo=0
But I want to enable the above 3 functionalities but limit the number of them being processed.
Why?
This is to avoid DoS attacks in which RAs are bombarded onto a Linux machine.
Dheeraj