"Rodney W. Grimes" <[email protected]> wrote in <[email protected]>:
fr> > I know both of these groups still do exist.
fr> >
fr> > Also every code not compiled in is not an attack surface, where you
fr> > think it's executed or not.
fr>
fr> This last reason is/was a prevalent one for me for a long time,
fr> given ipv6 is trying to autoconfigure stuff and interfaces
fr> just get a link local address that is reachable that I would
fr> have to secure. It was/is a royal pita to do that for lots of
fr> machines.
fr>
fr> Am I missing something in there is just some way to turn off the
fr> link local ipv6 address?

There is a way to disable automatic link-local address configuration
but completely turning it off prevents NDP from working. Having a
knob to restrict L3 communication over link-local addresses may be a
good compromise. At this moment, a packet filter is required to do
so.

-- Hiroki
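One way to express the packet-filter approach mentioned in the reply above, as an added example that is not part of the original message or of any FreeBSD default configuration. It assumes pf is the packet filter in use; the interface name em0 is a placeholder.

```pf
# /etc/pf.conf fragment (constructed example; em0 is a placeholder interface)
ext_if = "em0"

# Keep NDP working: router and neighbor solicitation/advertisement.
# "no state" because NDP replies do not map cleanly onto pf state entries.
pass quick on $ext_if inet6 proto icmp6 all \
    icmp6-type { routersol, routeradv, neighbrsol, neighbradv } no state

# Everything else to or from a link-local address is dropped, so the
# autoconfigured fe80:: address stays usable for NDP but exposes no services.
block drop quick on $ext_if inet6 from fe80::/10 to any
block drop quick on $ext_if inet6 from any to fe80::/10
```

DHCPv6 and MLD also use link-local source addresses, so a host that depends on either needs explicit pass rules placed ahead of the two block rules.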
