Bug 6998

Summary: rp_filter missing for ipv6
Product: Networking Reporter: Hadmut Danisch (hadmut)
Component: IPV6Assignee: Hideaki YOSHIFUJI (yoshfuji)
Status: REJECTED INSUFFICIENT_DATA    
Severity: normal CC: fweimer, protasnb, timo
Priority: P2    
Hardware: i386   
OS: Linux   
Kernel Version: 2.6.17 Subsystem:
Regression: --- Bisected commit-id:

Description Hadmut Danisch 2006-08-13 05:57:10 UTC 
Hi,

ipv4 has a feature rp_filter, where packets are rejected if their sender address
wouldn't be routed to the interface the packet came in on.

ipv6 still lacks this feature. 

It is possible to mimic that feature through iptables, but due to the fact that
ipv6 has a significantly more complicated address structure, it is not trivial
to write the iptable rules.

regards
Hadmut
Comment 1 Natalie Protasevich 2007-10-03 23:02:06 UTC 
Hadmut,
Is this still a problem?
Thanks.
Comment 2 Timo Weingärtner 2011-02-24 13:46:53 UTC 
It is still a problem.

Ip6tables can only serve as a replacement if it gets a current copy of the routing table(s) and it's extra work to manage both places.
Comment 3 Florian Weimer 2012-08-14 13:31:57 UTC 
This has been implemented with the rpfilter match in Linux 3.3 (needs iptables 1.4.14 in userspace).