Re: Limit the number of Router Advertisements processed on an interface

To: Dheeraj Kandula <dkandula@gmail.com>
Cc: debian-ipv6@lists.debian.org
Subject: Re: Limit the number of Router Advertisements processed on an interface
From: Michael Richardson <mcr@sandelman.ca>
Date: Wed, 15 Jun 2022 11:56:22 -0400
Message-id: <[🔎] 23129.1655308582@localhost>
In-reply-to: <[🔎] CA+qNgxT+kXzz6oSaiiXWjSNe=ezECSKMUBF1p2DDK31ieMMa2A@mail.gmail.com>
References: <[🔎] CA+qNgxT+kXzz6oSaiiXWjSNe=ezECSKMUBF1p2DDK31ieMMa2A@mail.gmail.com>

Dheeraj Kandula <dkandula@gmail.com> wrote:
    > *Why?*
    > This is to avoid DOS attacks using RAs from being bombarded onto a linux
    > machine.

Well, you might be able to rate limit them with ip6tables/nftables, but I see
no point in only listening to the first X of them. You might as well just
disable them and configure a static IPv6.

You should also check out "RAGuard" functionality on your L2 switch.
RFC6105.

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Limit the number of Router Advertisements processed on an interface
  - From: Dheeraj Kandula <dkandula@gmail.com>

Prev by Date: Re: Limit the number of Router Advertisements processed on an interface
Next by Date: Re: Limit the number of Router Advertisements processed on an interface
Previous by thread: Re: Limit the number of Router Advertisements processed on an interface
Next by thread: IPv6 equivalent of secure_redirects
Index(es):
- Date
- Thread