services.firewalld.settings.IPv6_rpfilter
Performs reverse path filtering (RPF) on IPv6 packets as per RFC 3704.
Possible values:
"strict"
: Performs "strict" filtering as per RFC 3704.
This check verifies that the in ingress interface is the same interface that would be used to send a packet reply to the source.
That is, ingress == egress.
"loose"
: Performs "loose" filtering as per RFC 3704.
This check only verifies that there is a route back to the source through any interface; even if it's not the same one on which the packet arrived.
"strict-forward"
: This is almost identical to "strict", but does not perform RPF for packets targeted to the host (INPUT).
"loose-forward"
: This is almost identical to "loose", but does not perform RPF for packets targeted to the host (INPUT).
"no"
: RPF is completely disabled.
The rp_filter for IPv4 is controlled using sysctl.
- Type
one of "strict", "loose", "strict-forward", "loose-forward", "no"- Default
"strict"- Declared
- <nixpkgs/nixos/modules/services/networking/firewalld/settings.nix>