As a security best practice, verify that the host system denies Hop Limit settings from IPv6 router advertisements unless accepting them is necessary. The accept_ra_defrtr setting controls whether the system accepts Hop Limit settings from a router advertisement. Setting it to 0 prevents a router from changing the default IPv6 Hop Limit for outgoing packets.

1. Run the following command to verify that the host system denies IPv6 router Hop Limit settings.

   # grep '[01]' /proc/sys/net/ipv6/conf/*/accept_ra_defrtr | egrep "default|all"

2. If the values are not set to 0, configure the host system to deny IPv6 router advertisement Hop Limit settings.

   a. Open the /etc/sysctl.conf file.

   b. Add the following entries to the file, or update the existing entries so that each value is 0.

      net.ipv6.conf.all.accept_ra_defrtr=0
      net.ipv6.conf.default.accept_ra_defrtr=0

   c. Save the changes and close the file.
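
The procedure above can be checked with a script. This is an added example, not part of the vendor procedure: the function names and the --run switch are this example's own, and the paths default to the ones named in the steps.

```shell
#!/bin/sh
# Added example (not vendor code): audit accept_ra_defrtr for the "all" and
# "default" scopes, both the live kernel value and the persisted value.
# The function names and the --run switch are this example's own.

# check_runtime [CONF_DIR]: fail if a live value is missing or not 0.
check_runtime() {
    conf_dir="${1:-/proc/sys/net/ipv6/conf}"
    rc=0
    for scope in all default; do
        f="$conf_dir/$scope/accept_ra_defrtr"
        if [ ! -r "$f" ]; then
            echo "runtime: cannot read $f"; rc=1; continue
        fi
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            echo "runtime: net.ipv6.conf.$scope.accept_ra_defrtr=$val (want 0)"
            rc=1
        fi
    done
    return "$rc"
}

# check_persistent [FILE]: fail unless the last uncommented assignment of each
# key in the sysctl file is 0, so the setting survives a reboot.
check_persistent() {
    file="${1:-/etc/sysctl.conf}"
    rc=0
    for scope in all default; do
        key="net.ipv6.conf.$scope.accept_ra_defrtr"
        val=$(awk -F= -v k="$key" '
            { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == k { v = $2 }
            END { print v }' "$file" 2>/dev/null) || val=""
        if [ "$val" != "0" ]; then
            echo "persistent: $key=${val:-unset} in $file (want 0)"
            rc=1
        fi
    done
    return "$rc"
}

# Run both checks against the live system only when called with --run.
if [ "${1:-}" = "--run" ]; then
    check_runtime; r=$?
    check_persistent; p=$?
    [ "$r" -eq 0 ] && [ "$p" -eq 0 ]
fi
```

An entry added to /etc/sysctl.conf changes the running kernel only after the file is reloaded (for example with sysctl -p) or the system restarts, which is why the runtime and persistent checks are separate.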