Which of the statements below are correct regarding the following commands, which are executed on a Linux router? (Choose two.)
Which of the statements below are correct regarding the following commands, which are executed on a Linux router? (Choose two.)
The ip6tables commands provided are intended to manipulate the forwarding of IPv6 packets on a Linux router. The first rule drops any packets with a source address in the fe80::/64 range, and the second rule drops packets with a destination address in the same range. These addresses are link-local addresses typically used for communication within a single network segment and are not routed across multiple segments. Therefore, packets with fe80::/64 addresses should not typically appear in the FORWARD chain, making it accurate to say that such packets will not occur in the FORWARD chain. Additionally, the ip6tables commands are syntactically correct and will execute without producing errors or warnings, confirming that both commands will complete without errors.
A+D: A: Those are "Link Local" adresses. Link locals are not routed. They are kinda private adresses("Local" as the name says) . As they are not routed they should never show up in FORWARD(forwarded packages) but only in INPUT(incomming) and OUTPUT(outgoing). D: Nevertheless is it possible to craft a rule that aditionally blocks such addresses - why shouldn't it? Useless but no Error. [ For E - wrong - : Only FORWARD(= only packages routed,forwarded by the kernel ) are blocked and OUTPUT(outgoing) and INPUT(incomming) is not blocked. Traffic from an to other devices goes freely in and out -> Communication to other devices including routers and dhcpv6 will not be blocked. ] I think key for this question is to spot, the FE80 which are Link Local adresses, which are
I don't think E is correct, only info I can find on suppressing router advertisements is via sysctl. https://sysctl-explorer.net/net/ipv6/accept_ra/
A and D is correct
A and D is correct
A and D are correct
I've made some research and found that: - IPv6 link-local addresses can be forwarded between network interfaces, but it is also a requirement that both the interfaces must be in the same subnets! - The E option is true, because these rules drops all the IPv6 packets from/to the link-local addresses. DHCPv6 uses link-local addresses for router advertisements, therefore these rules are appropriate to prevent the forwarding of the router advertisements between the interfaces.
A. Packets with source or destination addresses in the fe80::/64 range should not occur in the FORWARD chain. This statement is correct because fe80::/64 addresses are typically used for communication within a local network and should not be involved in routing between interfaces in the FORWARD chain. D. Both ip6tables commands complete without an error message or warning. This means that the iptables commands execute without syntax errors.