Entirely disable IPv6 on bridged interfaces
Prevents any potential leakage due to autoconfigured IPv6 on bridged interfaces. These are exclusively VM-side bridges, and the PVC host should not have any IPv6 configuration on them, ever.
This commit is contained in:
parent
9366977fe6
commit
aa5f8c93fd
|
@ -511,9 +511,9 @@ add rule inet filter forward ip6 saddr {netaddr6} counter jump {vxlannic}-out
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
# Disable IPv6 DAD on bridge interface
|
# Disable IPv6 on bridge interface (prevents leakage)
|
||||||
common.run_os_command(
|
common.run_os_command(
|
||||||
'sysctl net.ipv6.conf.{}.accept_dad=0'.format(
|
'sysctl net.ipv6.conf.{}.disable_ipv6=1'.format(
|
||||||
self.bridge_nic
|
self.bridge_nic
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in New Issue