Disable IPv6 router learning and auto configuration of Global address

debian-squeeze ipv6

I am using Debian 6.0.6. My ISP is IPv6 enabled and gave me one /64 IP address for my server, say, 24XX:XXXX::41/64. I have configured this IP address and netmask, and want to statically set the router address. I have the Link Local address of the router (as advertised by the router). I have configured the address, netmask and gateway as follows in /etc/network/interfaces:

iface eth0 inet6 static
    address  24XX:XXXX::53
    netmask 64
    gateway fe80::42XX:XXff:feXX:XXcb

I want to disable autoconfig of the Global address and disable the server learning routes from router advertisements. From the docs, if the following two proc entries are set to zero, autoconfig and route learning should be disabled:

net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.all.autoconf=0

But ifconfig still shows an auto configured IP address and learns routes from the router advertisements.

eth0      Link encap:Ethernet  HWaddr 00:AB:CD:EF:GH:IJ  
          inet addr:202.88.xx.xx  Bcast:202.88.xx.xx  Mask:255.255.255.192
          inet6 addr: 24XX:XXXX::2AB:CDff:feEF:GHIJ/64 Scope:Global
          inet6 addr: fe80::2AB:CDff:feEF:GHIJ/64 Scope:Link
          inet6 addr: 24XX:XXXX::53/64 Scope:Global

route -A inet6 
::/0                           fe80::42XX:XXff:feXX:XXcb  UG   1   0    59 eth0
::/0                           fe80::42XX:XXff:feXX:XXcb  UGDAe 1024 0     0 eth0
::/0                           fe80::222:YYff:feYY:YY1b   UGDAe 1024 0     0 eth0

The last two entries were auto learned from router advertisement.

My expectation was that after setting accept_ra and autoconf as 0, the autoconfigured Global scope IP address and learned routes should not have appeared.

I am trying to disable the autoconfigured Global Scope IP address as I do not want my MAC address to leak to the Internet. I also do not want any learned routes as I presume a rogue router with a wrong advertisement can cause my host to send packets to the wrong place.

Best Answer

If the system has already learned the default gateway and prefixes before you disable autoconf and accept_ra then they will remain active until they time out. What the timeouts are depends on what the RA contained. You will see more detailed information with the ip -6 addr command.

To solve your issue: make sure you set the options before the network interface comes up. Setting them in /etc/sysctl.conf should do that for you.

PS: if you worry about having your MAC address visible to the outside world then you probably also should disable cookies and other things that can identify you in your browsers etc.
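
An added example, not part of the original question or answer: a shell check that picks the router-advertisement-derived entries out of `ip -6 addr show` and `ip -6 route show` output, so you can confirm after setting the sysctls that nothing learned is still running on a timer. The sample output is constructed (2001:db8::/32 documentation prefix), the function names are hypothetical, and it assumes iproute2 marks autoconfigured addresses `dynamic` and RA-learned default routes with `expires`.

```shell
#!/bin/sh
# Added example: list IPv6 state that originated from router advertisements.
# Both functions read `ip -6 ...` output on stdin.

# Print "<iface> <address>" for every global address flagged "dynamic",
# i.e. autoconfigured with a finite lifetime instead of "forever".
ra_addresses() {
    awk '
        /^[0-9]+: / { iface = $2; sub(/:$/, "", iface) }
        $1 == "inet6" && /scope global/ && / dynamic/ { print iface, $2 }
    '
}

# Print "<gateway> <dev>" for every default route that carries an expiry
# timer. A gateway set statically in /etc/network/interfaces has none.
ra_default_routes() {
    awk '
        $1 == "default" && / expires / {
            gw = dev = "?"
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            print gw, dev
        }
    '
}

# Constructed sample output (not taken from the page).
SAMPLE_ADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet6 2001:db8::211:22ff:fe33:4455/64 scope global dynamic
       valid_lft 2591990sec preferred_lft 604790sec
    inet6 2001:db8::53/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::211:22ff:fe33:4455/64 scope link
       valid_lft forever preferred_lft forever'
SAMPLE_ROUTE='2001:db8::/64 dev eth0 proto kernel metric 256 expires 2591990sec
default via fe80::1 dev eth0 metric 1
default via fe80::1 dev eth0 proto kernel metric 1024 expires 1790sec
default via fe80::2 dev eth0 proto ra metric 1024 expires 1795sec'

# Demo on the samples; on a host, pipe in the real commands instead, e.g.
#   ip -6 addr show | ra_addresses ; ip -6 route show | ra_default_routes
printf '%s\n' "$SAMPLE_ADDR"  | ra_addresses
printf '%s\n' "$SAMPLE_ROUTE" | ra_default_routes
```

Empty output from both functions after a reboot with the settings in /etc/sysctl.conf means only the static address and gateway are in use.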
