Enable IPv6 Privacy Extensions by default

Rui Paulo rpaulo at me.com
Wed Jun 14 02:51:15 UTC 2017


On Mon, 2017-06-12 at 13:19 +0200, Tijl Coosemans wrote:
> On Sun, 11 Jun 2017 22:13:14 +0000 "Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net> wrote:
> > On 11 Jun 2017, at 19:59, Tijl Coosemans wrote:
> > > I recently got a new modem/router from my ISP that supports IPv6.
> > > Added ifconfig_em0_ipv6="inet6 accept_rtadv" and rtsold_enable="YES"
> > > to /etc/rc.conf like the handbook says and now all my FreeBSD
> > > systems have an IPv6 address. \o/
> > > 
> > > I also added these lines to /etc/sysctl.conf to enable temporary
> > > addresses:
> > > 
> > > net.inet6.ip6.use_tempaddr=1
> > > net.inet6.ip6.prefer_tempaddr=1
> > > 
> > > Shouldn't these be enabled by default?  There was a proposal 9
> > > years ago that didn't get any objections but it seems it wasn't
> > > committed:
> > > https://lists.freebsd.org/pipermail/freebsd-net/2008-June/018381.html
> > > 
> > > If there are no objections, I'll make the change in a week or so.
> > 
> > Object :)
> > 
> > Check the rc.conf ipv6_privacy option rather than setting the sysctl
> > manually.
> 
> Ah, thanks.  I see that RFC 4941 also recommends it be disabled by
> default.

RFC 4941 was written at a time when MAC address privacy was not a
concern, but now we know better.

I don't see any reason why we shouldn't have privacy addresses enabled
by default.  In fact, back in 2008 no one voiced their concerns.

-- 
Rui Paulo
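
The MAC address privacy concern raised in this thread, shown as an added example that is not part of the original message or of FreeBSD's code: assuming a host without temporary addresses forms its SLAAC interface identifier from the MAC using modified EUI-64 (RFC 4291, Appendix A), the same MAC can be read back out of its address on every network it joins. The function names, the MAC and the addresses are constructed for illustration.

```python
import ipaddress


def slaac_eui64(prefix: str, mac: str) -> str:
    """Address a host forms from a /64 prefix and its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    m = bytes.fromhex(mac.replace(":", ""))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


def embedded_mac(addr: str):
    """Return the MAC recoverable from an address, or None if the
    interface identifier does not have the EUI-64 shape."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    # Heuristic: EUI-64 identifiers carry ff:fe in bytes 3-4. A random
    # identifier can match by chance, so treat a hit as "likely".
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # Constructed MAC from the RFC 7042 documentation range.
    mac = "00:00:5e:00:53:2a"
    # Two different networks (documentation prefixes): the identifier,
    # and therefore the recoverable MAC, is the same on both.
    for prefix in ("2001:db8:1::/64", "2001:db8:2::/64"):
        addr = slaac_eui64(prefix, mac)
        print(addr, "->", embedded_mac(addr))
    # Constructed address with a randomized identifier, as a temporary
    # address would have: nothing to recover.
    temp = "2001:db8:1:0:3c8e:91ab:7d02:4f10"
    print(temp, "->", embedded_mac(temp))
```

Running `embedded_mac` over the addresses reported by `ifconfig` on a host is a quick way to see which of them still expose the hardware address.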


