summaryrefslogtreecommitdiff
path: root/etc/optional/ipv6
diff options
context:
space:
mode:
Diffstat (limited to 'etc/optional/ipv6')
-rw-r--r--etc/optional/ipv6/hostapd/appliance/sysctl.d/ipv6.conf.sample10
-rw-r--r--etc/optional/ipv6/wpa_supplicant/appliance/sysctl.d/ipv6.conf.sample10
2 files changed, 20 insertions, 0 deletions
diff --git a/etc/optional/ipv6/hostapd/appliance/sysctl.d/ipv6.conf.sample b/etc/optional/ipv6/hostapd/appliance/sysctl.d/ipv6.conf.sample
new file mode 100644
index 0000000..29bd382
--- /dev/null
+++ b/etc/optional/ipv6/hostapd/appliance/sysctl.d/ipv6.conf.sample
@@ -0,0 +1,10 @@
+# Enable IPv6 Privacy Extensions (see RFC 4941 and RFC 3041)
+net.ipv6.conf.all.use_tempaddr = 2
+net.ipv6.conf.default.use_tempaddr = 2
+
+# Redirects can potentially be used to maliciously alter hosts routing
+# tables.
+net.ipv6.conf.all.accept_redirects = 0
+
+# The source routing feature includes some known vulnerabilities.
+net.ipv6.conf.all.accept_source_route = 0
diff --git a/etc/optional/ipv6/wpa_supplicant/appliance/sysctl.d/ipv6.conf.sample b/etc/optional/ipv6/wpa_supplicant/appliance/sysctl.d/ipv6.conf.sample
new file mode 100644
index 0000000..29bd382
--- /dev/null
+++ b/etc/optional/ipv6/wpa_supplicant/appliance/sysctl.d/ipv6.conf.sample
@@ -0,0 +1,10 @@
+# Enable IPv6 Privacy Extensions (see RFC 4941 and RFC 3041)
+net.ipv6.conf.all.use_tempaddr = 2
+net.ipv6.conf.default.use_tempaddr = 2
+
+# Redirects can potentially be used to maliciously alter hosts routing
+# tables.
+net.ipv6.conf.all.accept_redirects = 0
+
+# The source routing feature includes some known vulnerabilities.
+net.ipv6.conf.all.accept_source_route = 0
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-08 21:37:22 +0000