From aa5f8c93fd84b54495ea8d7db1510cd5247d6ec7 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface"
Date: Thu, 15 Oct 2020 11:00:59 -0400
Subject: [PATCH] Entirely disable IPv6 on bridged interfaces

Prevents any potential leakage due to autoconfigured IPv6 on bridged interfaces. These are exclusively VM-side bridges, and the PVC host should not have any IPv6 configuration on them, ever.
---
 node-daemon/pvcnoded/VXNetworkInstance.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/node-daemon/pvcnoded/VXNetworkInstance.py b/node-daemon/pvcnoded/VXNetworkInstance.py
index 9ebbde3a..b31dea7b 100644
--- a/node-daemon/pvcnoded/VXNetworkInstance.py
+++ b/node-daemon/pvcnoded/VXNetworkInstance.py
@@ -511,9 +511,9 @@ add rule inet filter forward ip6 saddr {netaddr6} counter jump {vxlannic}-out
 )
 )

- # Disable IPv6 DAD on bridge interface
+ # Disable IPv6 on bridge interface (prevents leakage)
 common.run_os_command(
- 'sysctl net.ipv6.conf.{}.accept_dad=0'.format(
+ 'sysctl net.ipv6.conf.{}.disable_ipv6=1'.format(
 self.bridge_nic
 )
 )
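Review bot: The result of the `common.run_os_command(...)` call that writes `net.ipv6.conf.{}.disable_ipv6=1` is discarded, so a failed sysctl write leaves the bridge with IPv6 still enabled and nothing records it. Since the setting is now a leakage control rather than a DAD tweak, the call site should check whatever status `run_os_command` reports (its definition is not on this page) and log an error or abort bridge setup on failure. A short comment such as `# Fail closed: the host must never hold an autoconfigured IPv6 address on a VM-side bridge` would document the intent. Separately, the key is built by interpolating `self.bridge_nic` into a dot-separated sysctl name; if a bridge name can ever contain a `.`, the key would be parsed incorrectly, so it is worth confirming how the name is generated. The enclosing method starts and ends outside the hunk.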