ipv6: Add icmp_echo_ignore_anycast for ICMPv6

In addition to icmp_echo_ignore_multicast, there is a need to also prevent responding to pings to anycast addresses for security. Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Stephen Suryaputra <ssuryaextr@gmail.com> 2019-03-20 10:29:27 -0400
committer: David S. Miller <davem@davemloft.net> 2019-03-20 16:29:37 -0700
commit: 0b03a5ca8b14321366eec4a903922d2b46d585ff (patch)
tree: dd57f1bdfad2cdd949bde6d02fafa392fd374001 /net/ipv6/af_inet6.c
parent: a534ea30e70fc51c4cef31c0683955dd8a568a11 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index fdc117de849c..fa6b404cbd10 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -848,6 +848,7 @@ static int __net_init inet6_net_init(struct net *net)
 	net->ipv6.sysctl.icmpv6_time = 1*HZ;
 	net->ipv6.sysctl.icmpv6_echo_ignore_all = 0;
 	net->ipv6.sysctl.icmpv6_echo_ignore_multicast = 0;
+	net->ipv6.sysctl.icmpv6_echo_ignore_anycast = 0;
 	net->ipv6.sysctl.flowlabel_consistency = 1;
 	net->ipv6.sysctl.auto_flowlabels = IP6_DEFAULT_AUTO_FLOW_LABELS;
 	net->ipv6.sysctl.idgen_retries = 3;
author	Stephen Suryaputra <ssuryaextr@gmail.com>	2019-03-20 10:29:27 -0400
committer	David S. Miller <davem@davemloft.net>	2019-03-20 16:29:37 -0700
commit	0b03a5ca8b14321366eec4a903922d2b46d585ff (patch)
tree	dd57f1bdfad2cdd949bde6d02fafa392fd374001 /net/ipv6/af_inet6.c
parent	a534ea30e70fc51c4cef31c0683955dd8a568a11 (diff)