please enable IPv6 privacy extensions by default
Bug #841353 reported by
James Troup
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
procps (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
We don't appear to enable IPv6 privacy extensions[1] by default.
Could we please do so? Leaking the MAC address of any IPv6 enabled
device is both undesirable and a regression from IPv4.
Enabling them appears to be as simple as a sysctl.d file with the
following in it:
net.ipv6.
net.ipv6.
With those set, I now have 3 IPv6 addresses, one link local, one with
my MAC address and one without my MAC address. Although my machine
will answer to all 3 it will only use the non-MAC address based one
for outbound traffic.
Related branches
lp:~cyphermox/ubuntu/precise/procps/ipv6-privext
- Martin Pitt (community): Approve
-
Diff: 31 lines (+19/-0)2 files modifieddebian/changelog (+7/-0)
debian/sysctl.d/10-ipv6-privacy.conf (+12/-0)
tags: | added: ipv6 privacy |
To post a comment you must log in.
Confirming, we've been discussing this in https:/ /blueprints. launchpad. net/ubuntu/ +spec/foundatio ns-p-ipv6; and although it's not approved yet we did identify work items for enabling this at the ifupdown and NM levels.