Simon Leinen writes: > Anyway, I finally learned how to configure filters on my Linux > laptop, and found that the following command (as root) makes my box > ignore RAs from that particular address: > ip6tables -A INPUT -s fe80::204:23ff:fe7a:fb3e \ > --protocol ipv6-icmp --icmpv6-type router-advertisement \ > -j DROP A second source of bogus RAs has popped up, so currently I recommend: ---------------------------------------------------------------------- #!/bin/sh evil_ll="fe80::204:23ff:fe7a:fb3e fe80::20c:f1ff:fe34:45c0" ip6tables -F INPUT for ll in ${evil_ll} do ip6tables -A INPUT -s "${ll}" \ --protocol ipv6-icmp --icmpv6-type router-advertisement \ -j DROP done ---------------------------------------------------------------------- An alternative would be to find out the addresses of the "real" IPv6 routers and block RAs from anywhere else. Of course SEND (SEcure Neighbor Discovery) will solve this, right? -- Simon. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf