Groups | Search | Server Info | Login | Register
Groups > linux.debian.maint.ipv6 > #140
| From | Dheeraj Kandula <dkandula@gmail.com> |
|---|---|
| Newsgroups | linux.debian.maint.ipv6 |
| Subject | Limit the number of Router Advertisements processed on an interface |
| Date | 2022-06-15 16:30 +0200 |
| Message-ID | <EyCbT-4Zr0-3@gated-at.bofh.it> (permalink) |
| Organization | linux.* mail to news gateway |
[Multipart message — attachments visible in raw view] - view raw
Hi All,
Is it possible to limit the number of Router Advertisements that will
be processed on an interface or on a Linux device as a whole (either
granularity is fine)?
*For example*, if an interface receives more than 200 RAs within a time
interval, only the first 200 will be processed.
There are sysctls to *disable* RA completely. i.e.
net.ipv6.conf.default.accept_ra=0,
Disable processing Default routes: net.ipv6.conf.default.accept_ra_defrtr=0
Disable processing Prefix: net.ipv6.conf.default.accept_ra_pinfo=0.
But I want to enable the above 3 functionalities but limit the number of
them being processed.
*Why?*
This is to avoid DOS attacks using RAs from being bombarded onto a linux
machine.
Dheeraj
Back to linux.debian.maint.ipv6 | Previous | Next — Next in thread | Find similar
Limit the number of Router Advertisements processed on an interface Dheeraj Kandula <dkandula@gmail.com> - 2022-06-15 16:30 +0200
Re: Limit the number of Router Advertisements processed on an interface Marc Haber <mh+debian-ipv6@zugschlus.de> - 2022-06-15 17:50 +0200
Re: Limit the number of Router Advertisements processed on an interface Dheeraj Kandula <dkandula@gmail.com> - 2022-06-15 18:30 +0200
Re: Limit the number of Router Advertisements processed on an interface Dheeraj Kandula <dkandula@gmail.com> - 2022-07-11 22:00 +0200
Re: Limit the number of Router Advertisements processed on an interface Michael Richardson <mcr@sandelman.ca> - 2022-06-15 18:10 +0200
csiph-web