gwg313/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix-config/modules/nixos/sysctl/networking/ipv6.nix

57 lines
2 KiB
Nix
Raw Blame History

{
config,
pkgs,
...
}:
{
boot.kernel.sysctl = {
# disallow IPv6 packet forwarding
"net.ipv6.conf.default.forwarding" = 0;
"net.ipv6.conf.all.forwarding" = 0;
# number of Router Solicitations to send until assuming no routers are present
"net.ipv6.conf.default.router_solicitations" = 0;
"net.ipv6.conf.all.router_solicitations" = 0;
# do not accept Router Preference from RA
"net.ipv6.conf.default.accept_ra_rtr_pref" = 0;
"net.ipv6.conf.all.accept_ra_rtr_pref" = 0;
# learn prefix information in router advertisement
"net.ipv6.conf.default.accept_ra_pinfo" = 0;
"net.ipv6.conf.all.accept_ra_pinfo" = 0;
# setting controls whether the system will accept Hop Limit settings from a router advertisement
"net.ipv6.conf.default.accept_ra_defrtr" = 0;
"net.ipv6.conf.all.accept_ra_defrtr" = 0;
# router advertisements can cause the system to assign a global unicast address to an interface
"net.ipv6.conf.default.autoconf" = 0;
"net.ipv6.conf.all.autoconf" = 0;
# number of neighbor solicitations to send out per address
"net.ipv6.conf.default.dad_transmits" = 0;
"net.ipv6.conf.all.dad_transmits" = 0;
# number of global unicast IPv6 addresses can be assigned to each interface
"net.ipv6.conf.default.max_addresses" = 1;
"net.ipv6.conf.all.max_addresses" = 1;
# enable IPv6 Privacy Extensions (RFC30;41) and prefer the temporary address
#"net.ipv6.conf.default.use_tempaddr" = 2; # Nix sets by default
"net.ipv6.conf.all.use_tempaddr" = 2;
# ignore IPv6 ICMP redirect messages
"net.ipv6.conf.default.accept_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
# do not accept packets with SRR option
"net.ipv6.conf.default.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# ignore all ICMPv6 echo requests
#net.ipv6.icmp.echo_ignore_all = 1
#net.ipv6.icmp.echo_ignore_anycast = 1
#net.ipv6.icmp.echo_ignore_multicast = 1
};
}
Reference in a new issue View git blame Copy permalink