{"description": "To limit the configuration information requested from other\nsystems and accepted from the network on a system that uses\nstatically-configured IPv6 addresses, add the following lines to\n<tt>/etc/sysctl.conf</tt>:\n<pre>net.ipv6.conf.default.router_solicitations = 0\nnet.ipv6.conf.default.accept_ra_rtr_pref = 0\nnet.ipv6.conf.default.accept_ra_pinfo = 0\nnet.ipv6.conf.default.accept_ra_defrtr = 0\nnet.ipv6.conf.default.autoconf = 0\nnet.ipv6.conf.default.dad_transmits = 0\nnet.ipv6.conf.default.max_addresses = 1</pre>\nThe <tt>router_solicitations</tt> setting determines how many router\nsolicitations are sent when bringing up the interface. If addresses are\nstatically assigned, there is no need to send any solicitations.\n<br /><br />\nThe <tt>accept_ra_pinfo</tt> setting controls whether the system will accept\nprefix info from the router.\n<br /><br />\nThe <tt>accept_ra_defrtr</tt> setting controls whether the system will accept\nHop Limit settings from a router advertisement. Setting it to 0 prevents a\nrouter from changing your default IPv6 Hop Limit for outgoing packets.\n<br /><br />\nThe <tt>autoconf</tt> setting controls whether router advertisements can cause\nthe system to assign a global unicast address to an interface.\n<br /><br />\nThe <tt>dad_transmits</tt> setting determines how many neighbor solicitations\nto send out per address (global and link-local) when bringing up an interface\nto ensure the desired address is unique on the network.\n<br /><br />\nThe <tt>max_addresses</tt> setting determines how many global unicast IPv6\naddresses can be assigned to each interface.  The default is 16, but it should\nbe set to exactly the number of statically configured global addresses\nrequired.", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": ["ipv6[enabled]"], "cpe_platform_names": [], "title": "Limit Network-Transmitted Configuration if Using Static IPv6 Addresses", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_limit_requests/group.yml"}