Reviewed-by: Michael Tremer > On 7 Jun 2022, at 21:09, Peter Müller wrote: > > While IPFire 2.x' web interface does not support IPv6, users can > technically run it with IPv6 by conducting the necessary configuration > changes manually. > > To provide these systems as well, we should disable acceptance of ICMPv6 > redirect packets - which is apparently not default in Linux, yet. :-/ > > Signed-off-by: Peter Müller > --- > config/etc/sysctl.conf | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf > index 7fe397bb7..6bf3bc887 100644 > --- a/config/etc/sysctl.conf > +++ b/config/etc/sysctl.conf > @@ -31,6 +31,10 @@ vm.min_free_kbytes = 8192 > net.ipv6.conf.all.disable_ipv6 = 1 > net.ipv6.conf.default.disable_ipv6 = 1 > > +# However, enable some IPv6 hardening sysctl's in case this system is run customly _with_ IPv6. > +net.ipv6.conf.all.accept_redirects = 0 > +net.ipv6.conf.default.accept_redirects = 0 > + > # Enable netfilter accounting > net.netfilter.nf_conntrack_acct = 1 > > -- > 2.35.3
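Review bot: In the block added after net.ipv6.conf.default.disable_ipv6 = 1, accept_redirects is set only under the `all` and `default` keys, and `default` only seeds interfaces created after the value is written. It is worth confirming that sysctl.conf is applied before the IPv6 interfaces come up, or that the target kernel honours the `all` key for accept_redirects. Otherwise an interface that already exists keeps its earlier per-interface value. The new comment could also say what is being set and why, for example "Do not accept ICMPv6 redirects if IPv6 is enabled manually", since it announces "some IPv6 hardening sysctl's" while the hunk changes a single setting, and "customly" reads oddly. Because the unchanged context directly above still sets disable_ipv6 = 1 for both `all` and `default`, a short mention in the comment that those two lines are what a user edits to enable IPv6 would make the relationship between the two blocks clear.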