@Simon, that is what the patch does: it permits very limited use of the unspecified address as source to enable DAD, then enforces anti-spoofing rules and then permits ICMP once anti-spoofing chain has been applied. What, if any, documentation do you think is required to alert users changed behavior of IPv6 privacy address (previously permitting only ICMP, and now blocking all traffic from privacy addresses)?
@Simon, that is what the patch does: it permits very limited use of the unspecified address as source to enable DAD, then enforces anti-spoofing rules and then permits ICMP once anti-spoofing chain has been applied. What, if any, documentation do you think is required to alert users changed behavior of IPv6 privacy address (previously permitting only ICMP, and now blocking all traffic from privacy addresses)?
Existing documentation indicating privacy addresses are not supported: http:// docs.openstack. org/liberty/ networking- guide/adv_ config_ ipv6.html (under Security Considerations). I meant to include this link in my previous post.