As a security best practice, verify that the host system denies the acceptance of router advertisements and Internet Control Message Protocol (ICMP) redirects unless necessary. A feature of IPv6 is that systems can configure their networking devices automatically by using information from the network. From a security perspective, it is preferable to manually set important configuration information rather than accepting it from the network in an unauthenticated way.

1. Run the following command on the host system to verify whether the system denies the acceptance of router advertisements and ICMP redirects unless necessary.

   # grep '[01]' /proc/sys/net/ipv6/conf/*/accept_ra | grep -E "default|all"

2. Configure the host system to deny IPv6 router advertisements.

   a. Open the /etc/sysctl.conf file.

   b. If the values are not set to 0, add the following entries to the file or update the existing entries so that the value is 0.

      net.ipv6.conf.all.accept_ra=0
      net.ipv6.conf.default.accept_ra=0

   c. Save the changes and close the file.
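
The check and the configuration step above can be combined into one repeatable audit. The following script is an added example, not part of the original procedure; it goes beyond the command in step 1 by listing every interface entry rather than only all and default, and it also confirms that both entries are persisted as 0. The function names and the CONF_ROOT and SYSCTL_CONF variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example. CONF_ROOT and SYSCTL_CONF are hypothetical overrides so the
# functions can be pointed at a constructed test tree instead of the live host.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv6/conf}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"

# Print every interface entry whose runtime accept_ra is not 0.
# Returns 0 when all readable entries are 0, 1 otherwise.
audit_runtime() {
    rc=0
    for f in "$CONF_ROOT"/*/accept_ra; do
        [ -r "$f" ] || continue
        val=$(cat "$f")
        iface=$(basename "$(dirname "$f")")
        if [ "$val" != "0" ]; then
            echo "NONCOMPLIANT runtime $iface accept_ra=$val"
            rc=1
        fi
    done
    return $rc
}

# Effective value of one key in the sysctl file: comment lines (# or ;) are
# skipped, whitespace around "=" is ignored, and the last assignment wins.
persisted_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/[ \t\r]/, "", v)
          if (k == key) last = v }
        END { print last }' "$SYSCTL_CONF"
}

# Check that both entries from step 2b are persisted as 0.
audit_persistent() {
    rc=0
    for scope in all default; do
        key="net.ipv6.conf.$scope.accept_ra"
        val=$(persisted_value "$key" 2>/dev/null) || val=""
        if [ "$val" != "0" ]; then
            echo "NONCOMPLIANT persistent $key=${val:-unset}"
            rc=1
        fi
    done
    return $rc
}
# Usage on a live host, after sourcing this file: audit_runtime; audit_persistent
```

Values written to /etc/sysctl.conf take effect only after the file is loaded, for example with sysctl -p or at the next boot, so a host can pass audit_persistent and still fail audit_runtime until then.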